1 /* SPDX-License-Identifier: BSD-2-Clause */ 2 /* 3 * dhcpcd - DHCP client daemon 4 * Copyright (c) 2006-2020 Roy Marples <roy@marples.name> 5 * All rights reserved 6 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29 /* TODO: We should decline dupliate addresses detected */ 30 31 #include <sys/stat.h> 32 #include <sys/utsname.h> 33 34 #include <netinet/in.h> 35 36 #include <assert.h> 37 #include <ctype.h> 38 #include <errno.h> 39 #include <fcntl.h> 40 #include <inttypes.h> 41 #include <stdbool.h> 42 #include <stddef.h> 43 #include <stdlib.h> 44 #include <string.h> 45 #include <unistd.h> 46 #include <fcntl.h> 47 #include <syslog.h> 48 49 #define ELOOP_QUEUE ELOOP_DHCP6 50 #include "config.h" 51 #include "common.h" 52 #include "dhcp.h" 53 #include "dhcp6.h" 54 #include "duid.h" 55 #include "eloop.h" 56 #include "if.h" 57 #include "if-options.h" 58 #include "ipv6nd.h" 59 #include "logerr.h" 60 #include "privsep.h" 61 #include "script.h" 62 63 #ifdef HAVE_SYS_BITOPS_H 64 #include <sys/bitops.h> 65 #else 66 #include "compat/bitops.h" 67 #endif 68 69 /* DHCPCD Project has been assigned an IANA PEN of 40712 */ 70 #define DHCPCD_IANA_PEN 40712 71 72 /* Unsure if I want this */ 73 //#define VENDOR_SPLIT 74 75 /* Support older systems with different defines */ 76 #if !defined(IPV6_RECVPKTINFO) && defined(IPV6_PKTINFO) 77 #define IPV6_RECVPKTINFO IPV6_PKTINFO 78 #endif 79 80 #ifdef DHCP6 81 82 /* Assert the correct structure size for on wire */ 83 struct dhcp6_message { 84 uint8_t type; 85 uint8_t xid[3]; 86 /* followed by options */ 87 }; 88 __CTASSERT(sizeof(struct dhcp6_message) == 4); 89 90 struct dhcp6_option { 91 uint16_t code; 92 uint16_t len; 93 /* followed by data */ 94 }; 95 __CTASSERT(sizeof(struct dhcp6_option) == 4); 96 97 struct dhcp6_ia_na { 98 uint8_t iaid[4]; 99 uint32_t t1; 100 uint32_t t2; 101 }; 102 __CTASSERT(sizeof(struct dhcp6_ia_na) == 12); 103 104 struct dhcp6_ia_ta { 105 uint8_t iaid[4]; 106 }; 107 __CTASSERT(sizeof(struct dhcp6_ia_ta) == 4); 108 109 struct dhcp6_ia_addr { 110 struct in6_addr addr; 111 uint32_t pltime; 112 uint32_t vltime; 113 }; 114 __CTASSERT(sizeof(struct dhcp6_ia_addr) == 16 + 8); 115 116 /* XXX FIXME: This is the only packed structure and it does not align. 117 * Maybe manually decode it? */ 118 struct dhcp6_pd_addr { 119 uint32_t pltime; 120 uint32_t vltime; 121 uint8_t prefix_len; 122 struct in6_addr prefix; 123 } __packed; 124 __CTASSERT(sizeof(struct dhcp6_pd_addr) == 8 + 1 + 16); 125 126 struct dhcp6_op { 127 uint16_t type; 128 const char *name; 129 }; 130 131 static const struct dhcp6_op dhcp6_ops[] = { 132 { DHCP6_SOLICIT, "SOLICIT6" }, 133 { DHCP6_ADVERTISE, "ADVERTISE6" }, 134 { DHCP6_REQUEST, "REQUEST6" }, 135 { DHCP6_REPLY, "REPLY6" }, 136 { DHCP6_RENEW, "RENEW6" }, 137 { DHCP6_REBIND, "REBIND6" }, 138 { DHCP6_CONFIRM, "CONFIRM6" }, 139 { DHCP6_INFORMATION_REQ, "INFORM6" }, 140 { DHCP6_RELEASE, "RELEASE6" }, 141 { DHCP6_RECONFIGURE, "RECONFIGURE6" }, 142 { 0, NULL } 143 }; 144 145 struct dhcp_compat { 146 uint8_t dhcp_opt; 147 uint16_t dhcp6_opt; 148 }; 149 150 const struct dhcp_compat dhcp_compats[] = { 151 { DHO_DNSSERVER, D6_OPTION_DNS_SERVERS }, 152 { DHO_HOSTNAME, D6_OPTION_FQDN }, 153 { DHO_DNSDOMAIN, D6_OPTION_FQDN }, 154 { DHO_NISSERVER, D6_OPTION_NIS_SERVERS }, 155 { DHO_NTPSERVER, D6_OPTION_SNTP_SERVERS }, 156 { DHO_RAPIDCOMMIT, D6_OPTION_RAPID_COMMIT }, 157 { DHO_FQDN, D6_OPTION_FQDN }, 158 { DHO_VIVCO, D6_OPTION_VENDOR_CLASS }, 159 { DHO_VIVSO, D6_OPTION_VENDOR_OPTS }, 160 { DHO_DNSSEARCH, D6_OPTION_DOMAIN_LIST }, 161 { 0, 0 } 162 }; 163 164 static const char * const dhcp6_statuses[] = { 165 "Success", 166 "Unspecified Failure", 167 "No Addresses Available", 168 "No Binding", 169 "Not On Link", 170 "Use Multicast", 171 "No Prefix Available" 172 }; 173 174 static void dhcp6_bind(struct interface *, const char *, const char *); 175 static void dhcp6_failinform(void *); 176 static void dhcp6_recvaddr(void *); 177 178 #ifdef SMALL 179 #define dhcp6_hasprefixdelegation(a) (0) 180 #else 181 static int dhcp6_hasprefixdelegation(struct interface *); 182 #endif 183 184 void 185 dhcp6_printoptions(const struct dhcpcd_ctx *ctx, 186 const struct dhcp_opt *opts, size_t opts_len) 187 { 188 size_t i, j; 189 const struct dhcp_opt *opt, *opt2; 190 int cols; 191 192 for (i = 0, opt = ctx->dhcp6_opts; 193 i < ctx->dhcp6_opts_len; i++, opt++) 194 { 195 for (j = 0, opt2 = opts; j < opts_len; j++, opt2++) 196 if (opt2->option == opt->option) 197 break; 198 if (j == opts_len) { 199 cols = printf("%05d %s", opt->option, opt->var); 200 dhcp_print_option_encoding(opt, cols); 201 } 202 } 203 for (i = 0, opt = opts; i < opts_len; i++, opt++) { 204 cols = printf("%05d %s", opt->option, opt->var); 205 dhcp_print_option_encoding(opt, cols); 206 } 207 } 208 209 static size_t 210 dhcp6_makeuser(void *data, const struct interface *ifp) 211 { 212 const struct if_options *ifo = ifp->options; 213 struct dhcp6_option o; 214 uint8_t *p; 215 const uint8_t *up, *ue; 216 uint16_t ulen, unlen; 217 size_t olen; 218 219 /* Convert the DHCPv4 user class option to DHCPv6 */ 220 up = ifo->userclass; 221 ulen = *up++; 222 if (ulen == 0) 223 return 0; 224 225 p = data; 226 olen = 0; 227 if (p != NULL) 228 p += sizeof(o); 229 230 ue = up + ulen; 231 for (; up < ue; up += ulen) { 232 ulen = *up++; 233 olen += sizeof(ulen) + ulen; 234 if (data == NULL) 235 continue; 236 unlen = htons(ulen); 237 memcpy(p, &unlen, sizeof(unlen)); 238 p += sizeof(unlen); 239 memcpy(p, up, ulen); 240 p += ulen; 241 } 242 if (data != NULL) { 243 o.code = htons(D6_OPTION_USER_CLASS); 244 o.len = htons((uint16_t)olen); 245 memcpy(data, &o, sizeof(o)); 246 } 247 248 return sizeof(o) + olen; 249 } 250 251 static size_t 252 dhcp6_makevendor(void *data, const struct interface *ifp) 253 { 254 const struct if_options *ifo; 255 size_t len, i; 256 uint8_t *p; 257 ssize_t vlen; 258 const struct vivco *vivco; 259 char vendor[VENDORCLASSID_MAX_LEN]; 260 struct dhcp6_option o; 261 262 ifo = ifp->options; 263 len = sizeof(uint32_t); /* IANA PEN */ 264 if (ifo->vivco_en) { 265 for (i = 0, vivco = ifo->vivco; 266 i < ifo->vivco_len; 267 i++, vivco++) 268 len += sizeof(uint16_t) + vivco->len; 269 vlen = 0; /* silence bogus gcc warning */ 270 } else { 271 vlen = dhcp_vendor(vendor, sizeof(vendor)); 272 if (vlen == -1) 273 vlen = 0; 274 else 275 len += sizeof(uint16_t) + (size_t)vlen; 276 } 277 278 if (len > UINT16_MAX) { 279 logerrx("%s: DHCPv6 Vendor Class too big", ifp->name); 280 return 0; 281 } 282 283 if (data != NULL) { 284 uint32_t pen; 285 uint16_t hvlen; 286 287 p = data; 288 o.code = htons(D6_OPTION_VENDOR_CLASS); 289 o.len = htons((uint16_t)len); 290 memcpy(p, &o, sizeof(o)); 291 p += sizeof(o); 292 pen = htonl(ifo->vivco_en ? ifo->vivco_en : DHCPCD_IANA_PEN); 293 memcpy(p, &pen, sizeof(pen)); 294 p += sizeof(pen); 295 296 if (ifo->vivco_en) { 297 for (i = 0, vivco = ifo->vivco; 298 i < ifo->vivco_len; 299 i++, vivco++) 300 { 301 hvlen = htons((uint16_t)vivco->len); 302 memcpy(p, &hvlen, sizeof(hvlen)); 303 p += sizeof(hvlen); 304 memcpy(p, vivco->data, vivco->len); 305 p += vivco->len; 306 } 307 } else if (vlen) { 308 hvlen = htons((uint16_t)vlen); 309 memcpy(p, &hvlen, sizeof(hvlen)); 310 p += sizeof(hvlen); 311 memcpy(p, vendor, (size_t)vlen); 312 } 313 } 314 315 return sizeof(o) + len; 316 } 317 318 static void * 319 dhcp6_findoption(void *data, size_t data_len, uint16_t code, uint16_t *len) 320 { 321 uint8_t *d; 322 struct dhcp6_option o; 323 324 code = htons(code); 325 for (d = data; data_len != 0; d += o.len, data_len -= o.len) { 326 if (data_len < sizeof(o)) { 327 errno = EINVAL; 328 return NULL; 329 } 330 memcpy(&o, d, sizeof(o)); 331 d += sizeof(o); 332 data_len -= sizeof(o); 333 o.len = htons(o.len); 334 if (data_len < o.len) { 335 errno = EINVAL; 336 return NULL; 337 } 338 if (o.code == code) { 339 if (len != NULL) 340 *len = o.len; 341 return d; 342 } 343 } 344 345 errno = ENOENT; 346 return NULL; 347 } 348 349 static void * 350 dhcp6_findmoption(void *data, size_t data_len, uint16_t code, 351 uint16_t *len) 352 { 353 uint8_t *d; 354 355 if (data_len < sizeof(struct dhcp6_message)) { 356 errno = EINVAL; 357 return false; 358 } 359 d = data; 360 d += sizeof(struct dhcp6_message); 361 data_len -= sizeof(struct dhcp6_message); 362 return dhcp6_findoption(d, data_len, code, len); 363 } 364 365 static const uint8_t * 366 dhcp6_getoption(struct dhcpcd_ctx *ctx, 367 size_t *os, unsigned int *code, size_t *len, 368 const uint8_t *od, size_t ol, struct dhcp_opt **oopt) 369 { 370 struct dhcp6_option o; 371 size_t i; 372 struct dhcp_opt *opt; 373 374 if (od != NULL) { 375 *os = sizeof(o); 376 if (ol < *os) { 377 errno = EINVAL; 378 return NULL; 379 } 380 memcpy(&o, od, sizeof(o)); 381 *len = ntohs(o.len); 382 if (*len > ol - *os) { 383 errno = ERANGE; 384 return NULL; 385 } 386 *code = ntohs(o.code); 387 } 388 389 *oopt = NULL; 390 for (i = 0, opt = ctx->dhcp6_opts; 391 i < ctx->dhcp6_opts_len; i++, opt++) 392 { 393 if (opt->option == *code) { 394 *oopt = opt; 395 break; 396 } 397 } 398 399 if (od != NULL) 400 return od + sizeof(o); 401 return NULL; 402 } 403 404 static bool 405 dhcp6_updateelapsed(struct interface *ifp, struct dhcp6_message *m, size_t len) 406 { 407 uint8_t *opt; 408 uint16_t opt_len; 409 struct dhcp6_state *state; 410 struct timespec tv; 411 unsigned long long hsec; 412 uint16_t sec; 413 414 opt = dhcp6_findmoption(m, len, D6_OPTION_ELAPSED, &opt_len); 415 if (opt == NULL) 416 return false; 417 if (opt_len != sizeof(sec)) { 418 errno = EINVAL; 419 return false; 420 } 421 422 state = D6_STATE(ifp); 423 clock_gettime(CLOCK_MONOTONIC, &tv); 424 if (state->RTC == 0) { 425 /* An RTC of zero means we're the first message 426 * out of the door, so the elapsed time is zero. */ 427 state->started = tv; 428 hsec = 0; 429 } else { 430 unsigned long long secs; 431 unsigned int nsecs; 432 433 secs = eloop_timespec_diff(&tv, &state->started, &nsecs); 434 /* Elapsed time is measured in centiseconds. 435 * We need to be sure it will not potentially overflow. */ 436 if (secs >= (UINT16_MAX / CSEC_PER_SEC) + 1) 437 hsec = UINT16_MAX; 438 else { 439 hsec = (secs * CSEC_PER_SEC) + 440 (nsecs / NSEC_PER_CSEC); 441 if (hsec > UINT16_MAX) 442 hsec = UINT16_MAX; 443 } 444 } 445 sec = htons((uint16_t)hsec); 446 memcpy(opt, &sec, sizeof(sec)); 447 return true; 448 } 449 450 static void 451 dhcp6_newxid(const struct interface *ifp, struct dhcp6_message *m) 452 { 453 const struct interface *ifp1; 454 const struct dhcp6_state *state1; 455 uint32_t xid; 456 457 if (ifp->options->options & DHCPCD_XID_HWADDR && 458 ifp->hwlen >= sizeof(xid)) 459 /* The lower bits are probably more unique on the network */ 460 memcpy(&xid, (ifp->hwaddr + ifp->hwlen) - sizeof(xid), 461 sizeof(xid)); 462 else { 463 again: 464 xid = arc4random(); 465 } 466 467 m->xid[0] = (xid >> 16) & 0xff; 468 m->xid[1] = (xid >> 8) & 0xff; 469 m->xid[2] = xid & 0xff; 470 471 /* Ensure it's unique */ 472 TAILQ_FOREACH(ifp1, ifp->ctx->ifaces, next) { 473 if (ifp == ifp1) 474 continue; 475 if ((state1 = D6_CSTATE(ifp1)) == NULL) 476 continue; 477 if (state1->send != NULL && 478 state1->send->xid[0] == m->xid[0] && 479 state1->send->xid[1] == m->xid[1] && 480 state1->send->xid[2] == m->xid[2]) 481 break; 482 } 483 484 if (ifp1 != NULL) { 485 if (ifp->options->options & DHCPCD_XID_HWADDR && 486 ifp->hwlen >= sizeof(xid)) 487 { 488 logerrx("%s: duplicate xid on %s", 489 ifp->name, ifp1->name); 490 return; 491 } 492 goto again; 493 } 494 } 495 496 #ifndef SMALL 497 static const struct if_sla * 498 dhcp6_findselfsla(struct interface *ifp) 499 { 500 size_t i, j; 501 struct if_ia *ia; 502 503 for (i = 0; i < ifp->options->ia_len; i++) { 504 ia = &ifp->options->ia[i]; 505 if (ia->ia_type != D6_OPTION_IA_PD) 506 continue; 507 for (j = 0; j < ia->sla_len; j++) { 508 if (strcmp(ia->sla[j].ifname, ifp->name) == 0) 509 return &ia->sla[j]; 510 } 511 } 512 return NULL; 513 } 514 515 static int 516 dhcp6_delegateaddr(struct in6_addr *addr, struct interface *ifp, 517 const struct ipv6_addr *prefix, const struct if_sla *sla, struct if_ia *ia) 518 { 519 struct dhcp6_state *state; 520 struct if_sla asla; 521 char sabuf[INET6_ADDRSTRLEN]; 522 const char *sa; 523 524 state = D6_STATE(ifp); 525 if (state == NULL) { 526 ifp->if_data[IF_DATA_DHCP6] = calloc(1, sizeof(*state)); 527 state = D6_STATE(ifp); 528 if (state == NULL) { 529 logerr(__func__); 530 return -1; 531 } 532 533 TAILQ_INIT(&state->addrs); 534 state->state = DH6S_DELEGATED; 535 state->reason = "DELEGATED6"; 536 } 537 538 if (sla == NULL || sla->sla_set == 0) { 539 /* No SLA set, so make an assumption of 540 * desired SLA and prefix length. */ 541 asla.sla = ifp->index; 542 asla.prefix_len = 0; 543 asla.sla_set = 0; 544 sla = &asla; 545 } else if (sla->prefix_len == 0) { 546 /* An SLA was given, but prefix length was not. 547 * We need to work out a suitable prefix length for 548 * potentially more than one interface. */ 549 asla.sla = sla->sla; 550 asla.prefix_len = 0; 551 asla.sla_set = 0; 552 sla = &asla; 553 } 554 555 if (sla->prefix_len == 0) { 556 uint32_t sla_max; 557 int bits; 558 559 if (ia->sla_max == 0) { 560 const struct interface *ifi; 561 562 sla_max = 0; 563 TAILQ_FOREACH(ifi, ifp->ctx->ifaces, next) { 564 if (ifi->index > sla_max) 565 sla_max = ifi->index; 566 } 567 } else 568 sla_max = ia->sla_max; 569 570 bits = fls32(sla_max); 571 572 if (prefix->prefix_len + bits > (int)UINT8_MAX) 573 asla.prefix_len = UINT8_MAX; 574 else { 575 asla.prefix_len = (uint8_t)(prefix->prefix_len + bits); 576 577 /* Make a 64 prefix by default, as this makes SLAAC 578 * possible. 579 * Otherwise round up to the nearest 4 bits. */ 580 if (asla.prefix_len <= 64) 581 asla.prefix_len = 64; 582 else 583 asla.prefix_len = 584 (uint8_t)ROUNDUP4(asla.prefix_len); 585 } 586 587 #define BIT(n) (1UL << (n)) 588 #define BIT_MASK(len) (BIT(len) - 1) 589 if (ia->sla_max == 0) { 590 /* Work out the real sla_max from our bits used */ 591 bits = asla.prefix_len - prefix->prefix_len; 592 /* Make static analysis happy. 593 * Bits cannot be bigger than 32 thanks to fls32. */ 594 assert(bits <= 32); 595 ia->sla_max = (uint32_t)BIT_MASK(bits); 596 } 597 } 598 599 if (ipv6_userprefix(&prefix->prefix, prefix->prefix_len, 600 sla->sla, addr, sla->prefix_len) == -1) 601 { 602 sa = inet_ntop(AF_INET6, &prefix->prefix, 603 sabuf, sizeof(sabuf)); 604 logerr("%s: invalid prefix %s/%d + %d/%d", 605 ifp->name, sa, prefix->prefix_len, 606 sla->sla, sla->prefix_len); 607 return -1; 608 } 609 610 if (prefix->prefix_exclude_len && 611 IN6_ARE_ADDR_EQUAL(addr, &prefix->prefix_exclude)) 612 { 613 sa = inet_ntop(AF_INET6, &prefix->prefix_exclude, 614 sabuf, sizeof(sabuf)); 615 logerrx("%s: cannot delegate excluded prefix %s/%d", 616 ifp->name, sa, prefix->prefix_exclude_len); 617 return -1; 618 } 619 620 return sla->prefix_len; 621 } 622 #endif 623 624 static int 625 dhcp6_makemessage(struct interface *ifp) 626 { 627 struct dhcp6_state *state; 628 struct dhcp6_message *m; 629 struct dhcp6_option o; 630 uint8_t *p, *si, *unicast, IA; 631 size_t n, l, len, ml, hl; 632 uint8_t type; 633 uint16_t si_len, uni_len, n_options; 634 uint8_t *o_lenp; 635 struct if_options *ifo; 636 const struct dhcp_opt *opt, *opt2; 637 const struct ipv6_addr *ap; 638 char hbuf[HOSTNAME_MAX_LEN + 1]; 639 const char *hostname; 640 int fqdn; 641 struct dhcp6_ia_na ia_na; 642 uint16_t ia_na_len; 643 struct if_ia *ifia; 644 #ifdef AUTH 645 uint16_t auth_len; 646 #endif 647 uint8_t duid[DUID_LEN]; 648 size_t duid_len = 0; 649 650 state = D6_STATE(ifp); 651 if (state->send) { 652 free(state->send); 653 state->send = NULL; 654 } 655 656 ifo = ifp->options; 657 fqdn = ifo->fqdn; 658 659 if (fqdn == FQDN_DISABLE && ifo->options & DHCPCD_HOSTNAME) { 660 /* We're sending the DHCPv4 hostname option, so send FQDN as 661 * DHCPv6 has no FQDN option and DHCPv4 must not send 662 * hostname and FQDN according to RFC4702 */ 663 fqdn = FQDN_BOTH; 664 } 665 if (fqdn != FQDN_DISABLE) 666 hostname = dhcp_get_hostname(hbuf, sizeof(hbuf), ifo); 667 else 668 hostname = NULL; /* appearse gcc */ 669 670 /* Work out option size first */ 671 n_options = 0; 672 len = 0; 673 si = NULL; 674 hl = 0; /* Appease gcc */ 675 if (state->state != DH6S_RELEASE) { 676 for (l = 0, opt = ifp->ctx->dhcp6_opts; 677 l < ifp->ctx->dhcp6_opts_len; 678 l++, opt++) 679 { 680 for (n = 0, opt2 = ifo->dhcp6_override; 681 n < ifo->dhcp6_override_len; 682 n++, opt2++) 683 { 684 if (opt->option == opt2->option) 685 break; 686 } 687 if (n < ifo->dhcp6_override_len) 688 continue; 689 if (!DHC_REQOPT(opt, ifo->requestmask6, ifo->nomask6)) 690 continue; 691 n_options++; 692 len += sizeof(o.len); 693 } 694 #ifndef SMALL 695 for (l = 0, opt = ifo->dhcp6_override; 696 l < ifo->dhcp6_override_len; 697 l++, opt++) 698 { 699 if (!DHC_REQOPT(opt, ifo->requestmask6, ifo->nomask6)) 700 continue; 701 n_options++; 702 len += sizeof(o.len); 703 } 704 if (dhcp6_findselfsla(ifp)) { 705 n_options++; 706 len += sizeof(o.len); 707 } 708 #endif 709 if (len) 710 len += sizeof(o); 711 712 if (fqdn != FQDN_DISABLE) { 713 hl = encode_rfc1035(hostname, NULL); 714 len += sizeof(o) + 1 + hl; 715 } 716 717 if (!has_option_mask(ifo->nomask6, D6_OPTION_MUDURL) && 718 ifo->mudurl[0]) 719 len += sizeof(o) + ifo->mudurl[0]; 720 721 #ifdef AUTH 722 if ((ifo->auth.options & DHCPCD_AUTH_SENDREQUIRE) != 723 DHCPCD_AUTH_SENDREQUIRE && 724 DHC_REQ(ifo->requestmask6, ifo->nomask6, 725 D6_OPTION_RECONF_ACCEPT)) 726 len += sizeof(o); /* Reconfigure Accept */ 727 #endif 728 } 729 730 len += sizeof(*state->send); 731 len += sizeof(o) + sizeof(uint16_t); /* elapsed */ 732 733 if (ifo->options & DHCPCD_ANONYMOUS) { 734 duid_len = duid_make(duid, ifp, DUID_LL); 735 len += sizeof(o) + duid_len; 736 } else { 737 len += sizeof(o) + ifp->ctx->duid_len; 738 } 739 740 if (!has_option_mask(ifo->nomask6, D6_OPTION_USER_CLASS)) 741 len += dhcp6_makeuser(NULL, ifp); 742 if (!has_option_mask(ifo->nomask6, D6_OPTION_VENDOR_CLASS)) 743 len += dhcp6_makevendor(NULL, ifp); 744 745 /* IA */ 746 m = NULL; 747 ml = 0; 748 switch(state->state) { 749 case DH6S_REQUEST: 750 m = state->recv; 751 ml = state->recv_len; 752 /* FALLTHROUGH */ 753 case DH6S_RELEASE: 754 /* FALLTHROUGH */ 755 case DH6S_RENEW: 756 if (m == NULL) { 757 m = state->new; 758 ml = state->new_len; 759 } 760 si = dhcp6_findmoption(m, ml, D6_OPTION_SERVERID, &si_len); 761 if (si == NULL) 762 return -1; 763 len += sizeof(o) + si_len; 764 /* FALLTHROUGH */ 765 case DH6S_REBIND: 766 /* FALLTHROUGH */ 767 case DH6S_CONFIRM: 768 /* FALLTHROUGH */ 769 case DH6S_DISCOVER: 770 if (m == NULL) { 771 m = state->new; 772 ml = state->new_len; 773 } 774 TAILQ_FOREACH(ap, &state->addrs, next) { 775 if (ap->flags & IPV6_AF_STALE) 776 continue; 777 if (!(ap->flags & IPV6_AF_REQUEST) && 778 (ap->prefix_vltime == 0 || 779 state->state == DH6S_DISCOVER)) 780 continue; 781 if (ap->ia_type == D6_OPTION_IA_PD) { 782 #ifndef SMALL 783 len += sizeof(o) + sizeof(struct dhcp6_pd_addr); 784 if (ap->prefix_exclude_len) 785 len += sizeof(o) + 1 + 786 (uint8_t)((ap->prefix_exclude_len - 787 ap->prefix_len - 1) / NBBY) + 1; 788 #endif 789 } else 790 len += sizeof(o) + sizeof(struct dhcp6_ia_addr); 791 } 792 /* FALLTHROUGH */ 793 case DH6S_INIT: 794 for (l = 0; l < ifo->ia_len; l++) { 795 len += sizeof(o) + sizeof(uint32_t); /* IAID */ 796 /* IA_TA does not have T1 or T2 timers */ 797 if (ifo->ia[l].ia_type != D6_OPTION_IA_TA) 798 len += sizeof(uint32_t) + sizeof(uint32_t); 799 } 800 IA = 1; 801 break; 802 default: 803 IA = 0; 804 } 805 806 if (state->state == DH6S_DISCOVER && 807 !(ifp->ctx->options & DHCPCD_TEST) && 808 DHC_REQ(ifo->requestmask6, ifo->nomask6, D6_OPTION_RAPID_COMMIT)) 809 len += sizeof(o); 810 811 if (m == NULL) { 812 m = state->new; 813 ml = state->new_len; 814 } 815 816 switch(state->state) { 817 case DH6S_INIT: /* FALLTHROUGH */ 818 case DH6S_DISCOVER: 819 type = DHCP6_SOLICIT; 820 break; 821 case DH6S_REQUEST: 822 type = DHCP6_REQUEST; 823 break; 824 case DH6S_CONFIRM: 825 type = DHCP6_CONFIRM; 826 break; 827 case DH6S_REBIND: 828 type = DHCP6_REBIND; 829 break; 830 case DH6S_RENEW: 831 type = DHCP6_RENEW; 832 break; 833 case DH6S_INFORM: 834 type = DHCP6_INFORMATION_REQ; 835 break; 836 case DH6S_RELEASE: 837 type = DHCP6_RELEASE; 838 break; 839 default: 840 errno = EINVAL; 841 return -1; 842 } 843 844 switch(state->state) { 845 case DH6S_REQUEST: /* FALLTHROUGH */ 846 case DH6S_RENEW: /* FALLTHROUGH */ 847 case DH6S_RELEASE: 848 if (has_option_mask(ifo->nomask6, D6_OPTION_UNICAST)) { 849 unicast = NULL; 850 break; 851 } 852 unicast = dhcp6_findmoption(m, ml, D6_OPTION_UNICAST, &uni_len); 853 break; 854 default: 855 unicast = NULL; 856 break; 857 } 858 859 /* In non master mode we listen and send from fixed addresses. 860 * We should try and match an address we have to unicast to, 861 * but for now this is the safest policy. */ 862 if (unicast != NULL && !(ifp->ctx->options & DHCPCD_MASTER)) { 863 logdebugx("%s: ignoring unicast option as not master", 864 ifp->name); 865 unicast = NULL; 866 } 867 868 #ifdef AUTH 869 auth_len = 0; 870 if (ifo->auth.options & DHCPCD_AUTH_SEND) { 871 ssize_t alen = dhcp_auth_encode(&ifo->auth, 872 state->auth.token, NULL, 0, 6, type, NULL, 0); 873 if (alen != -1 && alen > UINT16_MAX) { 874 errno = ERANGE; 875 alen = -1; 876 } 877 if (alen == -1) 878 logerr("%s: %s: dhcp_auth_encode", __func__, ifp->name); 879 else if (alen != 0) { 880 auth_len = (uint16_t)alen; 881 len += sizeof(o) + auth_len; 882 } 883 } 884 #endif 885 886 state->send = malloc(len); 887 if (state->send == NULL) 888 return -1; 889 890 state->send_len = len; 891 state->send->type = type; 892 893 /* If we found a unicast option, copy it to our state for sending */ 894 if (unicast && uni_len == sizeof(state->unicast)) 895 memcpy(&state->unicast, unicast, sizeof(state->unicast)); 896 else 897 state->unicast = in6addr_any; 898 899 dhcp6_newxid(ifp, state->send); 900 901 #define COPYIN1(_code, _len) { \ 902 o.code = htons((_code)); \ 903 o.len = htons((_len)); \ 904 memcpy(p, &o, sizeof(o)); \ 905 p += sizeof(o); \ 906 } 907 #define COPYIN(_code, _data, _len) do { \ 908 COPYIN1((_code), (_len)); \ 909 if ((_len) != 0) { \ 910 memcpy(p, (_data), (_len)); \ 911 p += (_len); \ 912 } \ 913 } while (0 /* CONSTCOND */) 914 #define NEXTLEN (p + offsetof(struct dhcp6_option, len)) 915 916 /* Options are listed in numerical order as per RFC 7844 Section 4.1 917 * XXX: They should be randomised. */ 918 919 p = (uint8_t *)state->send + sizeof(*state->send); 920 if (ifo->options & DHCPCD_ANONYMOUS) 921 COPYIN(D6_OPTION_CLIENTID, duid, 922 (uint16_t)duid_len); 923 else 924 COPYIN(D6_OPTION_CLIENTID, ifp->ctx->duid, 925 (uint16_t)ifp->ctx->duid_len); 926 927 if (si != NULL) 928 COPYIN(D6_OPTION_SERVERID, si, si_len); 929 930 for (l = 0; IA && l < ifo->ia_len; l++) { 931 ifia = &ifo->ia[l]; 932 o_lenp = NEXTLEN; 933 /* TA structure is the same as the others, 934 * it just lacks the T1 and T2 timers. 935 * These happen to be at the end of the struct, 936 * so we just don't copy them in. */ 937 if (ifia->ia_type == D6_OPTION_IA_TA) 938 ia_na_len = sizeof(struct dhcp6_ia_ta); 939 else 940 ia_na_len = sizeof(ia_na); 941 memcpy(ia_na.iaid, ifia->iaid, sizeof(ia_na.iaid)); 942 ia_na.t1 = 0; 943 ia_na.t2 = 0; 944 COPYIN(ifia->ia_type, &ia_na, ia_na_len); 945 TAILQ_FOREACH(ap, &state->addrs, next) { 946 if (ap->flags & IPV6_AF_STALE) 947 continue; 948 if (!(ap->flags & IPV6_AF_REQUEST) && 949 (ap->prefix_vltime == 0 || 950 state->state == DH6S_DISCOVER)) 951 continue; 952 if (ap->ia_type != ifia->ia_type) 953 continue; 954 if (memcmp(ap->iaid, ifia->iaid, sizeof(ap->iaid))) 955 continue; 956 if (ap->ia_type == D6_OPTION_IA_PD) { 957 #ifndef SMALL 958 struct dhcp6_pd_addr pdp; 959 960 pdp.pltime = htonl(ap->prefix_pltime); 961 pdp.vltime = htonl(ap->prefix_vltime); 962 pdp.prefix_len = ap->prefix_len; 963 /* pdp.prefix is not aligned, so copy it in. */ 964 memcpy(&pdp.prefix, &ap->prefix, sizeof(pdp.prefix)); 965 COPYIN(D6_OPTION_IAPREFIX, &pdp, sizeof(pdp)); 966 ia_na_len = (uint16_t) 967 (ia_na_len + sizeof(o) + sizeof(pdp)); 968 969 /* RFC6603 Section 4.2 */ 970 if (ap->prefix_exclude_len) { 971 uint8_t exb[16], *ep, u8; 972 const uint8_t *pp; 973 974 n = (size_t)((ap->prefix_exclude_len - 975 ap->prefix_len - 1) / NBBY) + 1; 976 ep = exb; 977 *ep++ = (uint8_t)ap->prefix_exclude_len; 978 pp = ap->prefix_exclude.s6_addr; 979 pp += (size_t) 980 ((ap->prefix_len - 1) / NBBY) + 981 (n - 1); 982 u8 = ap->prefix_len % NBBY; 983 if (u8) 984 n--; 985 while (n-- > 0) 986 *ep++ = *pp--; 987 if (u8) 988 *ep = (uint8_t)(*pp << u8); 989 n++; 990 COPYIN(D6_OPTION_PD_EXCLUDE, exb, 991 (uint16_t)n); 992 ia_na_len = (uint16_t) 993 (ia_na_len + sizeof(o) + n); 994 } 995 #endif 996 } else { 997 struct dhcp6_ia_addr ia; 998 999 ia.addr = ap->addr; 1000 ia.pltime = htonl(ap->prefix_pltime); 1001 ia.vltime = htonl(ap->prefix_vltime); 1002 COPYIN(D6_OPTION_IA_ADDR, &ia, sizeof(ia)); 1003 ia_na_len = (uint16_t) 1004 (ia_na_len + sizeof(o) + sizeof(ia)); 1005 } 1006 } 1007 1008 /* Update the total option lenth. */ 1009 ia_na_len = htons(ia_na_len); 1010 memcpy(o_lenp, &ia_na_len, sizeof(ia_na_len)); 1011 } 1012 1013 if (state->send->type != DHCP6_RELEASE && n_options) { 1014 o_lenp = NEXTLEN; 1015 o.len = 0; 1016 COPYIN1(D6_OPTION_ORO, 0); 1017 for (l = 0, opt = ifp->ctx->dhcp6_opts; 1018 l < ifp->ctx->dhcp6_opts_len; 1019 l++, opt++) 1020 { 1021 #ifndef SMALL 1022 for (n = 0, opt2 = ifo->dhcp6_override; 1023 n < ifo->dhcp6_override_len; 1024 n++, opt2++) 1025 { 1026 if (opt->option == opt2->option) 1027 break; 1028 } 1029 if (n < ifo->dhcp6_override_len) 1030 continue; 1031 #endif 1032 if (!DHC_REQOPT(opt, ifo->requestmask6, ifo->nomask6)) 1033 continue; 1034 o.code = htons((uint16_t)opt->option); 1035 memcpy(p, &o.code, sizeof(o.code)); 1036 p += sizeof(o.code); 1037 o.len = (uint16_t)(o.len + sizeof(o.code)); 1038 } 1039 #ifndef SMALL 1040 for (l = 0, opt = ifo->dhcp6_override; 1041 l < ifo->dhcp6_override_len; 1042 l++, opt++) 1043 { 1044 if (!DHC_REQOPT(opt, ifo->requestmask6, ifo->nomask6)) 1045 continue; 1046 o.code = htons((uint16_t)opt->option); 1047 memcpy(p, &o.code, sizeof(o.code)); 1048 p += sizeof(o.code); 1049 o.len = (uint16_t)(o.len + sizeof(o.code)); 1050 } 1051 if (dhcp6_findselfsla(ifp)) { 1052 o.code = htons(D6_OPTION_PD_EXCLUDE); 1053 memcpy(p, &o.code, sizeof(o.code)); 1054 p += sizeof(o.code); 1055 o.len = (uint16_t)(o.len + sizeof(o.code)); 1056 } 1057 #endif 1058 o.len = htons(o.len); 1059 memcpy(o_lenp, &o.len, sizeof(o.len)); 1060 } 1061 1062 si_len = 0; 1063 COPYIN(D6_OPTION_ELAPSED, &si_len, sizeof(si_len)); 1064 1065 if (state->state == DH6S_DISCOVER && 1066 !(ifp->ctx->options & DHCPCD_TEST) && 1067 DHC_REQ(ifo->requestmask6, ifo->nomask6, D6_OPTION_RAPID_COMMIT)) 1068 COPYIN1(D6_OPTION_RAPID_COMMIT, 0); 1069 1070 if (!has_option_mask(ifo->nomask6, D6_OPTION_USER_CLASS)) 1071 p += dhcp6_makeuser(p, ifp); 1072 if (!has_option_mask(ifo->nomask6, D6_OPTION_VENDOR_CLASS)) 1073 p += dhcp6_makevendor(p, ifp); 1074 1075 if (state->send->type != DHCP6_RELEASE) { 1076 if (fqdn != FQDN_DISABLE) { 1077 o_lenp = NEXTLEN; 1078 COPYIN1(D6_OPTION_FQDN, 0); 1079 if (hl == 0) 1080 *p = D6_FQDN_NONE; 1081 else { 1082 switch (fqdn) { 1083 case FQDN_BOTH: 1084 *p = D6_FQDN_BOTH; 1085 break; 1086 case FQDN_PTR: 1087 *p = D6_FQDN_PTR; 1088 break; 1089 default: 1090 *p = D6_FQDN_NONE; 1091 break; 1092 } 1093 } 1094 p++; 1095 encode_rfc1035(hostname, p); 1096 p += hl; 1097 o.len = htons((uint16_t)(hl + 1)); 1098 memcpy(o_lenp, &o.len, sizeof(o.len)); 1099 } 1100 1101 if (!has_option_mask(ifo->nomask6, D6_OPTION_MUDURL) && 1102 ifo->mudurl[0]) 1103 COPYIN(D6_OPTION_MUDURL, 1104 ifo->mudurl + 1, ifo->mudurl[0]); 1105 1106 #ifdef AUTH 1107 if ((ifo->auth.options & DHCPCD_AUTH_SENDREQUIRE) != 1108 DHCPCD_AUTH_SENDREQUIRE && 1109 DHC_REQ(ifo->requestmask6, ifo->nomask6, 1110 D6_OPTION_RECONF_ACCEPT)) 1111 COPYIN1(D6_OPTION_RECONF_ACCEPT, 0); 1112 #endif 1113 1114 } 1115 1116 #ifdef AUTH 1117 /* This has to be the last option */ 1118 if (ifo->auth.options & DHCPCD_AUTH_SEND && auth_len != 0) { 1119 COPYIN1(D6_OPTION_AUTH, auth_len); 1120 /* data will be filled at send message time */ 1121 } 1122 #endif 1123 1124 return 0; 1125 } 1126 1127 static const char * 1128 dhcp6_get_op(uint16_t type) 1129 { 1130 const struct dhcp6_op *d; 1131 1132 for (d = dhcp6_ops; d->name; d++) 1133 if (d->type == type) 1134 return d->name; 1135 return NULL; 1136 } 1137 1138 static void 1139 dhcp6_freedrop_addrs(struct interface *ifp, int drop, 1140 const struct interface *ifd) 1141 { 1142 struct dhcp6_state *state; 1143 1144 state = D6_STATE(ifp); 1145 if (state) { 1146 ipv6_freedrop_addrs(&state->addrs, drop, ifd); 1147 if (drop) 1148 rt_build(ifp->ctx, AF_INET6); 1149 } 1150 } 1151 1152 #ifndef SMALL 1153 static void dhcp6_delete_delegates(struct interface *ifp) 1154 { 1155 struct interface *ifp0; 1156 1157 if (ifp->ctx->ifaces) { 1158 TAILQ_FOREACH(ifp0, ifp->ctx->ifaces, next) { 1159 if (ifp0 != ifp) 1160 dhcp6_freedrop_addrs(ifp0, 1, ifp); 1161 } 1162 } 1163 } 1164 #endif 1165 1166 #ifdef AUTH 1167 static ssize_t 1168 dhcp6_update_auth(struct interface *ifp, struct dhcp6_message *m, size_t len) 1169 { 1170 struct dhcp6_state *state; 1171 uint8_t *opt; 1172 uint16_t opt_len; 1173 1174 opt = dhcp6_findmoption(m, len, D6_OPTION_AUTH, &opt_len); 1175 if (opt == NULL) 1176 return -1; 1177 1178 state = D6_STATE(ifp); 1179 return dhcp_auth_encode(&ifp->options->auth, state->auth.token, 1180 (uint8_t *)state->send, state->send_len, 1181 6, state->send->type, opt, opt_len); 1182 } 1183 #endif 1184 1185 static int 1186 dhcp6_sendmessage(struct interface *ifp, void (*callback)(void *)) 1187 { 1188 struct dhcp6_state *state = D6_STATE(ifp); 1189 struct dhcpcd_ctx *ctx = ifp->ctx; 1190 struct sockaddr_in6 dst = { 1191 .sin6_family = AF_INET6, 1192 .sin6_port = htons(DHCP6_SERVER_PORT), 1193 }; 1194 unsigned int RT; 1195 const char *broad_uni; 1196 const struct in6_addr alldhcp = IN6ADDR_LINKLOCAL_ALLDHCP_INIT; 1197 struct ipv6_addr *lla; 1198 int s; 1199 struct iovec iov = { 1200 .iov_base = state->send, .iov_len = state->send_len, 1201 }; 1202 unsigned char ctl[CMSG_SPACE(sizeof(struct in6_pktinfo))] = { 0 }; 1203 struct msghdr msg = { 1204 .msg_name = &dst, .msg_namelen = sizeof(dst), 1205 .msg_iov = &iov, .msg_iovlen = 1, 1206 }; 1207 1208 if (!callback && ifp->carrier <= LINK_DOWN) 1209 return 0; 1210 1211 #ifdef HAVE_SA_LEN 1212 dst.sin6_len = sizeof(dst); 1213 #endif 1214 1215 lla = ipv6_linklocal(ifp); 1216 /* We need to ensure we have sufficient scope to unicast the address */ 1217 /* XXX FIXME: We should check any added addresses we have like from 1218 * a Router Advertisement */ 1219 if (IN6_IS_ADDR_UNSPECIFIED(&state->unicast) || 1220 (state->state == DH6S_REQUEST && 1221 (!IN6_IS_ADDR_LINKLOCAL(&state->unicast) || lla == NULL))) 1222 { 1223 dst.sin6_addr = alldhcp; 1224 broad_uni = "broadcasting"; 1225 } else { 1226 dst.sin6_addr = state->unicast; 1227 broad_uni = "unicasting"; 1228 } 1229 1230 if (!callback) { 1231 logdebugx("%s: %s %s with xid 0x%02x%02x%02x", 1232 ifp->name, 1233 broad_uni, 1234 dhcp6_get_op(state->send->type), 1235 state->send->xid[0], 1236 state->send->xid[1], 1237 state->send->xid[2]); 1238 RT = 0; 1239 } else { 1240 if (state->IMD && 1241 !(ifp->options->options & DHCPCD_INITIAL_DELAY)) 1242 state->IMD = 0; 1243 if (state->IMD) { 1244 state->RT = state->IMD * MSEC_PER_SEC; 1245 /* Some buggy PPP servers close the link too early 1246 * after sending an invalid status in their reply 1247 * which means this host won't see it. 1248 * 1 second grace seems to be the sweet spot. */ 1249 if (ifp->flags & IFF_POINTOPOINT) 1250 state->RT += MSEC_PER_SEC; 1251 broad_uni = "delaying"; 1252 } else if (state->RTC == 0) 1253 state->RT = state->IRT * MSEC_PER_SEC; 1254 1255 if (state->MRT != 0) { 1256 unsigned int mrt = state->MRT * MSEC_PER_SEC; 1257 1258 if (state->RT > mrt) 1259 state->RT = mrt; 1260 } 1261 1262 /* Add -.1 to .1 * RT randomness as per RFC8415 section 15 */ 1263 uint32_t lru = arc4random_uniform( 1264 state->RTC == 0 ? DHCP6_RAND_MAX 1265 : DHCP6_RAND_MAX - DHCP6_RAND_MIN); 1266 int lr = (int)lru - (state->RTC == 0 ? 0 : DHCP6_RAND_MAX); 1267 RT = state->RT 1268 + (unsigned int)((float)state->RT 1269 * ((float)lr / DHCP6_RAND_DIV)); 1270 1271 if (ifp->carrier > LINK_DOWN) 1272 logdebugx("%s: %s %s (xid 0x%02x%02x%02x)," 1273 " next in %0.1f seconds", 1274 ifp->name, 1275 broad_uni, 1276 dhcp6_get_op(state->send->type), 1277 state->send->xid[0], 1278 state->send->xid[1], 1279 state->send->xid[2], 1280 (float)RT / MSEC_PER_SEC); 1281 1282 /* Wait the initial delay */ 1283 if (state->IMD != 0) { 1284 state->IMD = 0; 1285 eloop_timeout_add_msec(ctx->eloop, RT, callback, ifp); 1286 return 0; 1287 } 1288 } 1289 1290 if (ifp->carrier <= LINK_DOWN) 1291 return 0; 1292 1293 /* Update the elapsed time */ 1294 dhcp6_updateelapsed(ifp, state->send, state->send_len); 1295 #ifdef AUTH 1296 if (ifp->options->auth.options & DHCPCD_AUTH_SEND && 1297 dhcp6_update_auth(ifp, state->send, state->send_len) == -1) 1298 { 1299 logerr("%s: %s: dhcp6_updateauth", __func__, ifp->name); 1300 if (errno != ESRCH) 1301 return -1; 1302 } 1303 #endif 1304 1305 /* Set the outbound interface */ 1306 if (IN6_ARE_ADDR_EQUAL(&dst.sin6_addr, &alldhcp)) { 1307 struct cmsghdr *cm; 1308 struct in6_pktinfo pi = { .ipi6_ifindex = ifp->index }; 1309 1310 dst.sin6_scope_id = ifp->index; 1311 msg.msg_control = ctl; 1312 msg.msg_controllen = sizeof(ctl); 1313 cm = CMSG_FIRSTHDR(&msg); 1314 if (cm == NULL) /* unlikely */ 1315 return -1; 1316 cm->cmsg_level = IPPROTO_IPV6; 1317 cm->cmsg_type = IPV6_PKTINFO; 1318 cm->cmsg_len = CMSG_LEN(sizeof(pi)); 1319 memcpy(CMSG_DATA(cm), &pi, sizeof(pi)); 1320 } 1321 1322 #ifdef PRIVSEP 1323 if (IN_PRIVSEP(ifp->ctx)) { 1324 struct ipv6_addr *ia; 1325 1326 if (IN6_ARE_ADDR_EQUAL(&dst.sin6_addr, &alldhcp)) 1327 ia = lla; 1328 else { 1329 /* Find an IA to send from */ 1330 TAILQ_FOREACH(ia, &state->addrs, next) { 1331 if (ia->flags & IPV6_AF_STALE) 1332 continue; 1333 if (ia->addr_flags & IN6_IFF_NOTUSEABLE) 1334 continue; 1335 if (ia->ia_type == D6_OPTION_IA_PD) 1336 continue; 1337 break; 1338 } 1339 } 1340 if (ia == NULL) { 1341 if (lla == NULL) { 1342 logerrx("%s: no address to send from", 1343 ifp->name); 1344 return -1; 1345 } 1346 ia = lla; 1347 } 1348 if (ps_inet_senddhcp6(ia, &msg) == -1) 1349 logerr(__func__); 1350 goto sent; 1351 } 1352 #endif 1353 1354 if (ctx->dhcp6_fd != -1) 1355 s = ctx->dhcp6_fd; 1356 else if (lla != NULL && lla->dhcp6_fd != -1) 1357 s = lla->dhcp6_fd; 1358 else { 1359 logerrx("%s: no socket to send from", ifp->name); 1360 return -1; 1361 } 1362 1363 if (sendmsg(s, &msg, 0) == -1) { 1364 logerr("%s: %s: sendmsg", __func__, ifp->name); 1365 /* Allow DHCPv6 to continue .... the errors 1366 * would be rate limited by the protocol. 1367 * Generally the error is ENOBUFS when struggling to 1368 * associate with an access point. */ 1369 } 1370 1371 #ifdef PRIVSEP 1372 sent: 1373 #endif 1374 state->RTC++; 1375 if (callback) { 1376 state->RT = RT * 2; 1377 if (state->RT < RT) /* Check overflow */ 1378 state->RT = RT; 1379 if (state->MRC == 0 || state->RTC < state->MRC) 1380 eloop_timeout_add_msec(ctx->eloop, 1381 RT, callback, ifp); 1382 else if (state->MRC != 0 && state->MRCcallback) 1383 eloop_timeout_add_msec(ctx->eloop, 1384 RT, state->MRCcallback, ifp); 1385 else 1386 logwarnx("%s: sent %d times with no reply", 1387 ifp->name, state->RTC); 1388 } 1389 return 0; 1390 } 1391 1392 static void 1393 dhcp6_sendinform(void *arg) 1394 { 1395 1396 dhcp6_sendmessage(arg, dhcp6_sendinform); 1397 } 1398 1399 static void 1400 dhcp6_senddiscover(void *arg) 1401 { 1402 1403 dhcp6_sendmessage(arg, dhcp6_senddiscover); 1404 } 1405 1406 static void 1407 dhcp6_sendrequest(void *arg) 1408 { 1409 1410 dhcp6_sendmessage(arg, dhcp6_sendrequest); 1411 } 1412 1413 static void 1414 dhcp6_sendrebind(void *arg) 1415 { 1416 1417 dhcp6_sendmessage(arg, dhcp6_sendrebind); 1418 } 1419 1420 static void 1421 dhcp6_sendrenew(void *arg) 1422 { 1423 1424 dhcp6_sendmessage(arg, dhcp6_sendrenew); 1425 } 1426 1427 static void 1428 dhcp6_sendconfirm(void *arg) 1429 { 1430 1431 dhcp6_sendmessage(arg, dhcp6_sendconfirm); 1432 } 1433 1434 static void 1435 dhcp6_sendrelease(void *arg) 1436 { 1437 1438 dhcp6_sendmessage(arg, dhcp6_sendrelease); 1439 } 1440 1441 static void 1442 dhcp6_startrenew(void *arg) 1443 { 1444 struct interface *ifp; 1445 struct dhcp6_state *state; 1446 1447 ifp = arg; 1448 if ((state = D6_STATE(ifp)) == NULL) 1449 return; 1450 1451 /* Only renew in the bound or renew states */ 1452 if (state->state != DH6S_BOUND && 1453 state->state != DH6S_RENEW) 1454 return; 1455 1456 /* Remove the timeout as the renew may have been forced. */ 1457 eloop_timeout_delete(ifp->ctx->eloop, dhcp6_startrenew, ifp); 1458 1459 state->state = DH6S_RENEW; 1460 state->RTC = 0; 1461 state->IMD = REN_MAX_DELAY; 1462 state->IRT = REN_TIMEOUT; 1463 state->MRT = REN_MAX_RT; 1464 state->MRC = 0; 1465 1466 if (dhcp6_makemessage(ifp) == -1) 1467 logerr("%s: %s", __func__, ifp->name); 1468 else 1469 dhcp6_sendrenew(ifp); 1470 } 1471 1472 void dhcp6_renew(struct interface *ifp) 1473 { 1474 1475 dhcp6_startrenew(ifp); 1476 } 1477 1478 int 1479 dhcp6_dadcompleted(const struct interface *ifp) 1480 { 1481 const struct dhcp6_state *state; 1482 const struct ipv6_addr *ap; 1483 1484 state = D6_CSTATE(ifp); 1485 TAILQ_FOREACH(ap, &state->addrs, next) { 1486 if (ap->flags & IPV6_AF_ADDED && 1487 !(ap->flags & IPV6_AF_DADCOMPLETED)) 1488 return 0; 1489 } 1490 return 1; 1491 } 1492 1493 static void 1494 dhcp6_dadcallback(void *arg) 1495 { 1496 struct ipv6_addr *ia = arg; 1497 struct interface *ifp; 1498 struct dhcp6_state *state; 1499 int wascompleted, valid; 1500 1501 wascompleted = (ia->flags & IPV6_AF_DADCOMPLETED); 1502 ia->flags |= IPV6_AF_DADCOMPLETED; 1503 if (ia->flags & IPV6_AF_DUPLICATED) { 1504 /* XXX FIXME 1505 * We should decline the address */ 1506 logwarnx("%s: DAD detected %s", ia->iface->name, ia->saddr); 1507 } 1508 1509 if (!wascompleted) { 1510 ifp = ia->iface; 1511 1512 state = D6_STATE(ifp); 1513 if (state->state == DH6S_BOUND || 1514 state->state == DH6S_DELEGATED) 1515 { 1516 struct ipv6_addr *ia2; 1517 1518 #ifdef SMALL 1519 valid = true; 1520 #else 1521 valid = (ia->delegating_prefix == NULL); 1522 #endif 1523 TAILQ_FOREACH(ia2, &state->addrs, next) { 1524 if (ia2->flags & IPV6_AF_ADDED && 1525 !(ia2->flags & IPV6_AF_DADCOMPLETED)) 1526 { 1527 wascompleted = 1; 1528 break; 1529 } 1530 } 1531 if (!wascompleted) { 1532 logdebugx("%s: DHCPv6 DAD completed", 1533 ifp->name); 1534 script_runreason(ifp, 1535 #ifndef SMALL 1536 ia->delegating_prefix ? "DELEGATED6" : 1537 #endif 1538 state->reason); 1539 if (valid) 1540 dhcpcd_daemonise(ifp->ctx); 1541 } 1542 #ifdef ND6_ADVERTISE 1543 ipv6nd_advertise(ia); 1544 #endif 1545 } 1546 } 1547 } 1548 1549 static void 1550 dhcp6_addrequestedaddrs(struct interface *ifp) 1551 { 1552 struct dhcp6_state *state; 1553 size_t i; 1554 struct if_ia *ia; 1555 struct ipv6_addr *a; 1556 1557 state = D6_STATE(ifp); 1558 /* Add any requested prefixes / addresses */ 1559 for (i = 0; i < ifp->options->ia_len; i++) { 1560 ia = &ifp->options->ia[i]; 1561 if (!((ia->ia_type == D6_OPTION_IA_PD && ia->prefix_len) || 1562 !IN6_IS_ADDR_UNSPECIFIED(&ia->addr))) 1563 continue; 1564 a = ipv6_newaddr(ifp, &ia->addr, 1565 /* 1566 * RFC 5942 Section 5 1567 * We cannot assume any prefix length, nor tie the 1568 * address to an existing one as it could expire 1569 * before the address. 1570 * As such we just give it a 128 prefix. 1571 */ 1572 ia->ia_type == D6_OPTION_IA_PD ? ia->prefix_len : 128, 1573 IPV6_AF_REQUEST); 1574 if (a == NULL) 1575 continue; 1576 a->dadcallback = dhcp6_dadcallback; 1577 memcpy(&a->iaid, &ia->iaid, sizeof(a->iaid)); 1578 a->ia_type = ia->ia_type; 1579 TAILQ_INSERT_TAIL(&state->addrs, a, next); 1580 } 1581 } 1582 1583 static void 1584 dhcp6_startdiscover(void *arg) 1585 { 1586 struct interface *ifp; 1587 struct dhcp6_state *state; 1588 int llevel; 1589 1590 ifp = arg; 1591 state = D6_STATE(ifp); 1592 #ifndef SMALL 1593 if (state->reason == NULL || strcmp(state->reason, "TIMEOUT6") != 0) 1594 dhcp6_delete_delegates(ifp); 1595 #endif 1596 if (state->new == NULL && !state->failed) 1597 llevel = LOG_INFO; 1598 else 1599 llevel = LOG_DEBUG; 1600 logmessage(llevel, "%s: soliciting a DHCPv6 lease", ifp->name); 1601 state->state = DH6S_DISCOVER; 1602 state->RTC = 0; 1603 state->IMD = SOL_MAX_DELAY; 1604 state->IRT = SOL_TIMEOUT; 1605 state->MRT = state->sol_max_rt; 1606 state->MRC = SOL_MAX_RC; 1607 1608 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp); 1609 free(state->new); 1610 state->new = NULL; 1611 state->new_len = 0; 1612 1613 if (dhcp6_makemessage(ifp) == -1) 1614 logerr("%s: %s", __func__, ifp->name); 1615 else 1616 dhcp6_senddiscover(ifp); 1617 } 1618 1619 static void 1620 dhcp6_startinform(void *arg) 1621 { 1622 struct interface *ifp; 1623 struct dhcp6_state *state; 1624 int llevel; 1625 1626 ifp = arg; 1627 state = D6_STATE(ifp); 1628 if (state->new == NULL && !state->failed) 1629 llevel = LOG_INFO; 1630 else 1631 llevel = LOG_DEBUG; 1632 logmessage(llevel, "%s: requesting DHCPv6 information", ifp->name); 1633 state->state = DH6S_INFORM; 1634 state->RTC = 0; 1635 state->IMD = INF_MAX_DELAY; 1636 state->IRT = INF_TIMEOUT; 1637 state->MRT = state->inf_max_rt; 1638 state->MRC = 0; 1639 1640 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp); 1641 if (dhcp6_makemessage(ifp) == -1) { 1642 logerr("%s: %s", __func__, ifp->name); 1643 return; 1644 } 1645 dhcp6_sendinform(ifp); 1646 /* RFC3315 18.1.2 says that if CONFIRM failed then the prior addresses 1647 * SHOULD be used. The wording here is poor, because the addresses are 1648 * merely one facet of the lease as a whole. 1649 * This poor wording might explain the lack of similar text for INFORM 1650 * in 18.1.5 because there are no addresses in the INFORM message. */ 1651 eloop_timeout_add_sec(ifp->ctx->eloop, 1652 INF_MAX_RD, dhcp6_failinform, ifp); 1653 } 1654 1655 static bool 1656 dhcp6_startdiscoinform(struct interface *ifp) 1657 { 1658 unsigned long long opts = ifp->options->options; 1659 1660 if (opts & DHCPCD_IA_FORCED || ipv6nd_hasradhcp(ifp, true)) 1661 dhcp6_startdiscover(ifp); 1662 else if (opts & DHCPCD_INFORM6 || ipv6nd_hasradhcp(ifp, false)) 1663 dhcp6_startinform(ifp); 1664 else 1665 return false; 1666 return true; 1667 } 1668 1669 static void 1670 dhcp6_leaseextend(struct interface *ifp) 1671 { 1672 struct dhcp6_state *state = D6_STATE(ifp); 1673 struct ipv6_addr *ia; 1674 1675 logwarnx("%s: extending DHCPv6 lease", ifp->name); 1676 TAILQ_FOREACH(ia, &state->addrs, next) { 1677 ia->flags |= IPV6_AF_EXTENDED; 1678 /* Set infinite lifetimes. */ 1679 ia->prefix_pltime = ND6_INFINITE_LIFETIME; 1680 ia->prefix_vltime = ND6_INFINITE_LIFETIME; 1681 } 1682 } 1683 1684 static void 1685 dhcp6_fail(struct interface* ifp) 1686 { 1687 struct dhcp6_state *state = D6_STATE(ifp); 1688 1689 state->failed = true; 1690 1691 /* RFC3315 18.1.2 says that prior addresses SHOULD be used on failure. 1692 * RFC2131 3.2.3 says that MAY chose to use the prior address. 1693 * Because dhcpcd was written first for RFC2131, we have the LASTLEASE 1694 * option which defaults to off as that makes the most sense for 1695 * mobile clients. 1696 * dhcpcd also has LASTLEASE_EXTEND to extend this lease past it's 1697 * expiry, but this is strictly not RFC compliant in any way or form. */ 1698 if (state->new != NULL && 1699 ifp->options->options & DHCPCD_LASTLEASE_EXTEND) 1700 { 1701 dhcp6_leaseextend(ifp); 1702 dhcp6_bind(ifp, NULL, NULL); 1703 } else { 1704 dhcp6_freedrop_addrs(ifp, 1, NULL); 1705 #ifndef SMALL 1706 dhcp6_delete_delegates(ifp); 1707 #endif 1708 free(state->old); 1709 state->old = state->new; 1710 state->old_len = state->new_len; 1711 state->new = NULL; 1712 state->new_len = 0; 1713 if (state->old != NULL) 1714 script_runreason(ifp, "EXPIRE6"); 1715 unlink(state->leasefile); 1716 } 1717 1718 if (!dhcp6_startdiscoinform(ifp)) { 1719 logwarnx("%s: no advertising IPv6 router wants DHCP",ifp->name); 1720 state->state = DH6S_INIT; 1721 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp); 1722 } 1723 } 1724 1725 static int 1726 dhcp6_failloglevel(struct interface *ifp) 1727 { 1728 const struct dhcp6_state *state = D6_CSTATE(ifp); 1729 1730 return state->failed ? LOG_DEBUG : LOG_ERR; 1731 } 1732 1733 static void 1734 dhcp6_failconfirm(void *arg) 1735 { 1736 struct interface *ifp = arg; 1737 int llevel = dhcp6_failloglevel(ifp); 1738 1739 logmessage(llevel, "%s: failed to confirm prior DHCPv6 address", 1740 ifp->name); 1741 dhcp6_fail(ifp); 1742 } 1743 1744 static void 1745 dhcp6_failrequest(void *arg) 1746 { 1747 struct interface *ifp = arg; 1748 int llevel = dhcp6_failloglevel(ifp); 1749 1750 logmessage(llevel, "%s: failed to request DHCPv6 address", ifp->name); 1751 dhcp6_fail(ifp); 1752 } 1753 1754 static void 1755 dhcp6_failinform(void *arg) 1756 { 1757 struct interface *ifp = arg; 1758 int llevel = dhcp6_failloglevel(ifp); 1759 1760 logmessage(llevel, "%s: failed to request DHCPv6 information", 1761 ifp->name); 1762 dhcp6_fail(ifp); 1763 } 1764 1765 #ifndef SMALL 1766 static void 1767 dhcp6_failrebind(void *arg) 1768 { 1769 struct interface *ifp = arg; 1770 1771 logerrx("%s: failed to rebind prior DHCPv6 delegation", ifp->name); 1772 dhcp6_fail(ifp); 1773 } 1774 1775 static int 1776 dhcp6_hasprefixdelegation(struct interface *ifp) 1777 { 1778 size_t i; 1779 uint16_t t; 1780 1781 t = 0; 1782 for (i = 0; i < ifp->options->ia_len; i++) { 1783 if (t && t != ifp->options->ia[i].ia_type) { 1784 if (t == D6_OPTION_IA_PD || 1785 ifp->options->ia[i].ia_type == D6_OPTION_IA_PD) 1786 return 2; 1787 } 1788 t = ifp->options->ia[i].ia_type; 1789 } 1790 return t == D6_OPTION_IA_PD ? 1 : 0; 1791 } 1792 #endif 1793 1794 static void 1795 dhcp6_startrebind(void *arg) 1796 { 1797 struct interface *ifp; 1798 struct dhcp6_state *state; 1799 #ifndef SMALL 1800 int pd; 1801 #endif 1802 1803 ifp = arg; 1804 eloop_timeout_delete(ifp->ctx->eloop, dhcp6_sendrenew, ifp); 1805 state = D6_STATE(ifp); 1806 if (state->state == DH6S_RENEW) 1807 logwarnx("%s: failed to renew DHCPv6, rebinding", ifp->name); 1808 else 1809 loginfox("%s: rebinding prior DHCPv6 lease", ifp->name); 1810 state->state = DH6S_REBIND; 1811 state->RTC = 0; 1812 state->MRC = 0; 1813 1814 #ifndef SMALL 1815 /* RFC 3633 section 12.1 */ 1816 pd = dhcp6_hasprefixdelegation(ifp); 1817 if (pd) { 1818 state->IMD = CNF_MAX_DELAY; 1819 state->IRT = CNF_TIMEOUT; 1820 state->MRT = CNF_MAX_RT; 1821 } else 1822 #endif 1823 { 1824 state->IMD = REB_MAX_DELAY; 1825 state->IRT = REB_TIMEOUT; 1826 state->MRT = REB_MAX_RT; 1827 } 1828 1829 if (dhcp6_makemessage(ifp) == -1) 1830 logerr("%s: %s", __func__, ifp->name); 1831 else 1832 dhcp6_sendrebind(ifp); 1833 1834 #ifndef SMALL 1835 /* RFC 3633 section 12.1 */ 1836 if (pd) 1837 eloop_timeout_add_sec(ifp->ctx->eloop, 1838 CNF_MAX_RD, dhcp6_failrebind, ifp); 1839 #endif 1840 } 1841 1842 1843 static void 1844 dhcp6_startrequest(struct interface *ifp) 1845 { 1846 struct dhcp6_state *state; 1847 1848 eloop_timeout_delete(ifp->ctx->eloop, dhcp6_senddiscover, ifp); 1849 state = D6_STATE(ifp); 1850 state->state = DH6S_REQUEST; 1851 state->RTC = 0; 1852 state->IMD = 0; 1853 state->IRT = REQ_TIMEOUT; 1854 state->MRT = REQ_MAX_RT; 1855 state->MRC = REQ_MAX_RC; 1856 state->MRCcallback = dhcp6_failrequest; 1857 1858 if (dhcp6_makemessage(ifp) == -1) { 1859 logerr("%s: %s", __func__, ifp->name); 1860 return; 1861 } 1862 1863 dhcp6_sendrequest(ifp); 1864 } 1865 1866 static void 1867 dhcp6_startconfirm(struct interface *ifp) 1868 { 1869 struct dhcp6_state *state; 1870 1871 state = D6_STATE(ifp); 1872 state->state = DH6S_CONFIRM; 1873 state->RTC = 0; 1874 state->IMD = CNF_MAX_DELAY; 1875 state->IRT = CNF_TIMEOUT; 1876 state->MRT = CNF_MAX_RT; 1877 state->MRC = CNF_MAX_RC; 1878 1879 loginfox("%s: confirming prior DHCPv6 lease", ifp->name); 1880 if (dhcp6_makemessage(ifp) == -1) { 1881 logerr("%s: %s", __func__, ifp->name); 1882 return; 1883 } 1884 dhcp6_sendconfirm(ifp); 1885 eloop_timeout_add_sec(ifp->ctx->eloop, 1886 CNF_MAX_RD, dhcp6_failconfirm, ifp); 1887 } 1888 1889 static void 1890 dhcp6_startexpire(void *arg) 1891 { 1892 struct interface *ifp; 1893 1894 ifp = arg; 1895 eloop_timeout_delete(ifp->ctx->eloop, dhcp6_sendrebind, ifp); 1896 1897 logerrx("%s: DHCPv6 lease expired", ifp->name); 1898 dhcp6_fail(ifp); 1899 } 1900 1901 static void 1902 dhcp6_finishrelease(void *arg) 1903 { 1904 struct interface *ifp; 1905 struct dhcp6_state *state; 1906 1907 ifp = (struct interface *)arg; 1908 if ((state = D6_STATE(ifp)) != NULL) { 1909 state->state = DH6S_RELEASED; 1910 dhcp6_drop(ifp, "RELEASE6"); 1911 } 1912 } 1913 1914 static void 1915 dhcp6_startrelease(struct interface *ifp) 1916 { 1917 struct dhcp6_state *state; 1918 1919 state = D6_STATE(ifp); 1920 if (state->state != DH6S_BOUND) 1921 return; 1922 1923 state->state = DH6S_RELEASE; 1924 state->RTC = 0; 1925 state->IMD = REL_MAX_DELAY; 1926 state->IRT = REL_TIMEOUT; 1927 state->MRT = REL_MAX_RT; 1928 /* MRC of REL_MAX_RC is optional in RFC 3315 18.1.6 */ 1929 #if 0 1930 state->MRC = REL_MAX_RC; 1931 state->MRCcallback = dhcp6_finishrelease; 1932 #else 1933 state->MRC = 0; 1934 state->MRCcallback = NULL; 1935 #endif 1936 1937 if (dhcp6_makemessage(ifp) == -1) 1938 logerr("%s: %s", __func__, ifp->name); 1939 else { 1940 dhcp6_sendrelease(ifp); 1941 dhcp6_finishrelease(ifp); 1942 } 1943 } 1944 1945 static int 1946 dhcp6_checkstatusok(const struct interface *ifp, 1947 struct dhcp6_message *m, uint8_t *p, size_t len) 1948 { 1949 struct dhcp6_state *state; 1950 uint8_t *opt; 1951 uint16_t opt_len, code; 1952 size_t mlen; 1953 void * (*f)(void *, size_t, uint16_t, uint16_t *), *farg; 1954 char buf[32], *sbuf; 1955 const char *status; 1956 int loglevel; 1957 1958 state = D6_STATE(ifp); 1959 f = p ? dhcp6_findoption : dhcp6_findmoption; 1960 if (p) 1961 farg = p; 1962 else 1963 farg = m; 1964 if ((opt = f(farg, len, D6_OPTION_STATUS_CODE, &opt_len)) == NULL) { 1965 //logdebugx("%s: no status", ifp->name); 1966 state->lerror = 0; 1967 errno = ESRCH; 1968 return 0; 1969 } 1970 1971 if (opt_len < sizeof(code)) { 1972 logerrx("%s: status truncated", ifp->name); 1973 return -1; 1974 } 1975 memcpy(&code, opt, sizeof(code)); 1976 code = ntohs(code); 1977 if (code == D6_STATUS_OK) { 1978 state->lerror = 0; 1979 errno = 0; 1980 return 0; 1981 } 1982 1983 /* Anything after the code is a message. */ 1984 opt += sizeof(code); 1985 mlen = opt_len - sizeof(code); 1986 if (mlen == 0) { 1987 sbuf = NULL; 1988 if (code < sizeof(dhcp6_statuses) / sizeof(char *)) 1989 status = dhcp6_statuses[code]; 1990 else { 1991 snprintf(buf, sizeof(buf), "Unknown Status (%d)", code); 1992 status = buf; 1993 } 1994 } else { 1995 if ((sbuf = malloc(mlen + 1)) == NULL) { 1996 logerr(__func__); 1997 return -1; 1998 } 1999 memcpy(sbuf, opt, mlen); 2000 sbuf[mlen] = '\0'; 2001 status = sbuf; 2002 } 2003 2004 if (state->lerror == code || state->state == DH6S_INIT) 2005 loglevel = LOG_DEBUG; 2006 else 2007 loglevel = LOG_ERR; 2008 logmessage(loglevel, "%s: DHCPv6 REPLY: %s", ifp->name, status); 2009 free(sbuf); 2010 state->lerror = code; 2011 errno = 0; 2012 return (int)code; 2013 } 2014 2015 const struct ipv6_addr * 2016 dhcp6_iffindaddr(const struct interface *ifp, const struct in6_addr *addr, 2017 unsigned int flags) 2018 { 2019 const struct dhcp6_state *state; 2020 const struct ipv6_addr *ap; 2021 2022 if ((state = D6_STATE(ifp)) != NULL) { 2023 TAILQ_FOREACH(ap, &state->addrs, next) { 2024 if (ipv6_findaddrmatch(ap, addr, flags)) 2025 return ap; 2026 } 2027 } 2028 return NULL; 2029 } 2030 2031 struct ipv6_addr * 2032 dhcp6_findaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr, 2033 unsigned int flags) 2034 { 2035 struct interface *ifp; 2036 struct ipv6_addr *ap; 2037 struct dhcp6_state *state; 2038 2039 TAILQ_FOREACH(ifp, ctx->ifaces, next) { 2040 if ((state = D6_STATE(ifp)) != NULL) { 2041 TAILQ_FOREACH(ap, &state->addrs, next) { 2042 if (ipv6_findaddrmatch(ap, addr, flags)) 2043 return ap; 2044 } 2045 } 2046 } 2047 return NULL; 2048 } 2049 2050 static int 2051 dhcp6_findna(struct interface *ifp, uint16_t ot, const uint8_t *iaid, 2052 uint8_t *d, size_t l, const struct timespec *acquired) 2053 { 2054 struct dhcp6_state *state; 2055 uint8_t *o, *nd; 2056 uint16_t ol; 2057 struct ipv6_addr *a; 2058 int i; 2059 struct dhcp6_ia_addr ia; 2060 2061 i = 0; 2062 state = D6_STATE(ifp); 2063 while ((o = dhcp6_findoption(d, l, D6_OPTION_IA_ADDR, &ol))) { 2064 /* Set d and l first to ensure we find the next option. */ 2065 nd = o + ol; 2066 l -= (size_t)(nd - d); 2067 d = nd; 2068 if (ol < sizeof(ia)) { 2069 errno = EINVAL; 2070 logerrx("%s: IA Address option truncated", ifp->name); 2071 continue; 2072 } 2073 memcpy(&ia, o, sizeof(ia)); 2074 ia.pltime = ntohl(ia.pltime); 2075 ia.vltime = ntohl(ia.vltime); 2076 /* RFC 3315 22.6 */ 2077 if (ia.pltime > ia.vltime) { 2078 errno = EINVAL; 2079 logerr("%s: IA Address pltime %"PRIu32 2080 " > vltime %"PRIu32, 2081 ifp->name, ia.pltime, ia.vltime); 2082 continue; 2083 } 2084 TAILQ_FOREACH(a, &state->addrs, next) { 2085 if (ipv6_findaddrmatch(a, &ia.addr, 0)) 2086 break; 2087 } 2088 if (a == NULL) { 2089 /* 2090 * RFC 5942 Section 5 2091 * We cannot assume any prefix length, nor tie the 2092 * address to an existing one as it could expire 2093 * before the address. 2094 * As such we just give it a 128 prefix. 2095 */ 2096 a = ipv6_newaddr(ifp, &ia.addr, 128, IPV6_AF_ONLINK); 2097 a->dadcallback = dhcp6_dadcallback; 2098 a->ia_type = ot; 2099 memcpy(a->iaid, iaid, sizeof(a->iaid)); 2100 a->created = *acquired; 2101 2102 TAILQ_INSERT_TAIL(&state->addrs, a, next); 2103 } else { 2104 if (!(a->flags & IPV6_AF_ONLINK)) 2105 a->flags |= IPV6_AF_ONLINK | IPV6_AF_NEW; 2106 a->flags &= ~(IPV6_AF_STALE | IPV6_AF_EXTENDED); 2107 } 2108 a->acquired = *acquired; 2109 a->prefix_pltime = ia.pltime; 2110 if (a->prefix_vltime != ia.vltime) { 2111 a->flags |= IPV6_AF_NEW; 2112 a->prefix_vltime = ia.vltime; 2113 } 2114 if (a->prefix_pltime && a->prefix_pltime < state->lowpl) 2115 state->lowpl = a->prefix_pltime; 2116 if (a->prefix_vltime && a->prefix_vltime > state->expire) 2117 state->expire = a->prefix_vltime; 2118 i++; 2119 } 2120 return i; 2121 } 2122 2123 #ifndef SMALL 2124 static int 2125 dhcp6_findpd(struct interface *ifp, const uint8_t *iaid, 2126 uint8_t *d, size_t l, const struct timespec *acquired) 2127 { 2128 struct dhcp6_state *state; 2129 uint8_t *o, *nd; 2130 struct ipv6_addr *a; 2131 int i; 2132 uint8_t nb, *pw; 2133 uint16_t ol; 2134 struct dhcp6_pd_addr pdp; 2135 struct in6_addr pdp_prefix; 2136 2137 i = 0; 2138 state = D6_STATE(ifp); 2139 while ((o = dhcp6_findoption(d, l, D6_OPTION_IAPREFIX, &ol))) { 2140 /* Set d and l first to ensure we find the next option. */ 2141 nd = o + ol; 2142 l -= (size_t)(nd - d); 2143 d = nd; 2144 if (ol < sizeof(pdp)) { 2145 errno = EINVAL; 2146 logerrx("%s: IA Prefix option truncated", ifp->name); 2147 continue; 2148 } 2149 2150 memcpy(&pdp, o, sizeof(pdp)); 2151 pdp.pltime = ntohl(pdp.pltime); 2152 pdp.vltime = ntohl(pdp.vltime); 2153 /* RFC 3315 22.6 */ 2154 if (pdp.pltime > pdp.vltime) { 2155 errno = EINVAL; 2156 logerrx("%s: IA Prefix pltime %"PRIu32 2157 " > vltime %"PRIu32, 2158 ifp->name, pdp.pltime, pdp.vltime); 2159 continue; 2160 } 2161 2162 o += sizeof(pdp); 2163 ol = (uint16_t)(ol - sizeof(pdp)); 2164 2165 /* pdp.prefix is not aligned so copy it out. */ 2166 memcpy(&pdp_prefix, &pdp.prefix, sizeof(pdp_prefix)); 2167 TAILQ_FOREACH(a, &state->addrs, next) { 2168 if (IN6_ARE_ADDR_EQUAL(&a->prefix, &pdp_prefix)) 2169 break; 2170 } 2171 2172 if (a == NULL) { 2173 a = ipv6_newaddr(ifp, &pdp_prefix, pdp.prefix_len, 2174 IPV6_AF_DELEGATEDPFX); 2175 if (a == NULL) 2176 break; 2177 a->created = *acquired; 2178 a->dadcallback = dhcp6_dadcallback; 2179 a->ia_type = D6_OPTION_IA_PD; 2180 memcpy(a->iaid, iaid, sizeof(a->iaid)); 2181 TAILQ_INSERT_TAIL(&state->addrs, a, next); 2182 } else { 2183 if (!(a->flags & IPV6_AF_DELEGATEDPFX)) 2184 a->flags |= IPV6_AF_NEW | IPV6_AF_DELEGATEDPFX; 2185 a->flags &= ~(IPV6_AF_STALE | 2186 IPV6_AF_EXTENDED | 2187 IPV6_AF_REQUEST); 2188 if (a->prefix_vltime != pdp.vltime) 2189 a->flags |= IPV6_AF_NEW; 2190 } 2191 2192 a->acquired = *acquired; 2193 a->prefix_pltime = pdp.pltime; 2194 a->prefix_vltime = pdp.vltime; 2195 2196 if (a->prefix_pltime && a->prefix_pltime < state->lowpl) 2197 state->lowpl = a->prefix_pltime; 2198 if (a->prefix_vltime && a->prefix_vltime > state->expire) 2199 state->expire = a->prefix_vltime; 2200 i++; 2201 2202 a->prefix_exclude_len = 0; 2203 memset(&a->prefix_exclude, 0, sizeof(a->prefix_exclude)); 2204 o = dhcp6_findoption(o, ol, D6_OPTION_PD_EXCLUDE, &ol); 2205 if (o == NULL) 2206 continue; 2207 2208 /* RFC 6603 4.2 says option length MUST be between 2 and 17. 2209 * This allows 1 octet for prefix length and 16 for the 2210 * subnet ID. */ 2211 if (ol < 2 || ol > 17) { 2212 logerrx("%s: invalid PD Exclude option", ifp->name); 2213 continue; 2214 } 2215 2216 /* RFC 6603 4.2 says prefix length MUST be between the 2217 * length of the IAPREFIX prefix length + 1 and 128. */ 2218 if (*o < a->prefix_len + 1 || *o > 128) { 2219 logerrx("%s: invalid PD Exclude length", ifp->name); 2220 continue; 2221 } 2222 2223 ol--; 2224 /* Check option length matches prefix length. */ 2225 if (((*o - a->prefix_len - 1) / NBBY) + 1 != ol) { 2226 logerrx("%s: PD Exclude length mismatch", ifp->name); 2227 continue; 2228 } 2229 a->prefix_exclude_len = *o++; 2230 2231 memcpy(&a->prefix_exclude, &a->prefix, 2232 sizeof(a->prefix_exclude)); 2233 nb = a->prefix_len % NBBY; 2234 if (nb) 2235 ol--; 2236 pw = a->prefix_exclude.s6_addr + 2237 (a->prefix_exclude_len / NBBY) - 1; 2238 while (ol-- > 0) 2239 *pw-- = *o++; 2240 if (nb) 2241 *pw = (uint8_t)(*pw | (*o >> nb)); 2242 } 2243 return i; 2244 } 2245 #endif 2246 2247 static int 2248 dhcp6_findia(struct interface *ifp, struct dhcp6_message *m, size_t l, 2249 const char *sfrom, const struct timespec *acquired) 2250 { 2251 struct dhcp6_state *state; 2252 const struct if_options *ifo; 2253 struct dhcp6_option o; 2254 uint8_t *d, *p; 2255 struct dhcp6_ia_na ia; 2256 int i, e, error; 2257 size_t j; 2258 uint16_t nl; 2259 uint8_t iaid[4]; 2260 char buf[sizeof(iaid) * 3]; 2261 struct ipv6_addr *ap; 2262 struct if_ia *ifia; 2263 2264 if (l < sizeof(*m)) { 2265 /* Should be impossible with guards at packet in 2266 * and reading leases */ 2267 errno = EINVAL; 2268 return -1; 2269 } 2270 2271 ifo = ifp->options; 2272 i = e = 0; 2273 state = D6_STATE(ifp); 2274 TAILQ_FOREACH(ap, &state->addrs, next) { 2275 if (!(ap->flags & IPV6_AF_DELEGATED)) 2276 ap->flags |= IPV6_AF_STALE; 2277 } 2278 2279 d = (uint8_t *)m + sizeof(*m); 2280 l -= sizeof(*m); 2281 while (l > sizeof(o)) { 2282 memcpy(&o, d, sizeof(o)); 2283 o.len = ntohs(o.len); 2284 if (o.len > l || sizeof(o) + o.len > l) { 2285 errno = EINVAL; 2286 logerrx("%s: option overflow", ifp->name); 2287 break; 2288 } 2289 p = d + sizeof(o); 2290 d = p + o.len; 2291 l -= sizeof(o) + o.len; 2292 2293 o.code = ntohs(o.code); 2294 switch(o.code) { 2295 case D6_OPTION_IA_TA: 2296 nl = 4; 2297 break; 2298 case D6_OPTION_IA_NA: 2299 case D6_OPTION_IA_PD: 2300 nl = 12; 2301 break; 2302 default: 2303 continue; 2304 } 2305 if (o.len < nl) { 2306 errno = EINVAL; 2307 logerrx("%s: IA option truncated", ifp->name); 2308 continue; 2309 } 2310 2311 memcpy(&ia, p, nl); 2312 p += nl; 2313 o.len = (uint16_t)(o.len - nl); 2314 2315 for (j = 0; j < ifo->ia_len; j++) { 2316 ifia = &ifo->ia[j]; 2317 if (ifia->ia_type == o.code && 2318 memcmp(ifia->iaid, ia.iaid, sizeof(ia.iaid)) == 0) 2319 break; 2320 } 2321 if (j == ifo->ia_len && 2322 !(ifo->ia_len == 0 && ifp->ctx->options & DHCPCD_DUMPLEASE)) 2323 { 2324 logdebugx("%s: ignoring unrequested IAID %s", 2325 ifp->name, 2326 hwaddr_ntoa(ia.iaid, sizeof(ia.iaid), 2327 buf, sizeof(buf))); 2328 continue; 2329 } 2330 2331 if (o.code != D6_OPTION_IA_TA) { 2332 ia.t1 = ntohl(ia.t1); 2333 ia.t2 = ntohl(ia.t2); 2334 /* RFC 3315 22.4 */ 2335 if (ia.t2 > 0 && ia.t1 > ia.t2) { 2336 logwarnx("%s: IAID %s T1(%d) > T2(%d) from %s", 2337 ifp->name, 2338 hwaddr_ntoa(iaid, sizeof(iaid), buf, 2339 sizeof(buf)), 2340 ia.t1, ia.t2, sfrom); 2341 continue; 2342 } 2343 } else 2344 ia.t1 = ia.t2 = 0; /* appease gcc */ 2345 if ((error = dhcp6_checkstatusok(ifp, NULL, p, o.len)) != 0) { 2346 if (error == D6_STATUS_NOBINDING) 2347 state->has_no_binding = true; 2348 e = 1; 2349 continue; 2350 } 2351 if (o.code == D6_OPTION_IA_PD) { 2352 #ifndef SMALL 2353 if (dhcp6_findpd(ifp, ia.iaid, p, o.len, 2354 acquired) == 0) 2355 { 2356 logwarnx("%s: %s: DHCPv6 REPLY missing Prefix", 2357 ifp->name, sfrom); 2358 continue; 2359 } 2360 #endif 2361 } else { 2362 if (dhcp6_findna(ifp, o.code, ia.iaid, p, o.len, 2363 acquired) == 0) 2364 { 2365 logwarnx("%s: %s: DHCPv6 REPLY missing " 2366 "IA Address", 2367 ifp->name, sfrom); 2368 continue; 2369 } 2370 } 2371 if (o.code != D6_OPTION_IA_TA) { 2372 if (ia.t1 != 0 && 2373 (ia.t1 < state->renew || state->renew == 0)) 2374 state->renew = ia.t1; 2375 if (ia.t2 != 0 && 2376 (ia.t2 < state->rebind || state->rebind == 0)) 2377 state->rebind = ia.t2; 2378 } 2379 i++; 2380 } 2381 2382 if (i == 0 && e) 2383 return -1; 2384 return i; 2385 } 2386 2387 #ifndef SMALL 2388 static void 2389 dhcp6_deprecatedele(struct ipv6_addr *ia) 2390 { 2391 struct ipv6_addr *da, *dan, *dda; 2392 struct timespec now; 2393 struct dhcp6_state *state; 2394 2395 timespecclear(&now); 2396 TAILQ_FOREACH_SAFE(da, &ia->pd_pfxs, pd_next, dan) { 2397 if (ia->prefix_vltime == 0) { 2398 if (da->prefix_vltime != 0) 2399 da->prefix_vltime = 0; 2400 else 2401 continue; 2402 } else if (da->prefix_pltime != 0) 2403 da->prefix_pltime = 0; 2404 else 2405 continue; 2406 2407 if (ipv6_doaddr(da, &now) != -1) 2408 continue; 2409 2410 /* Delegation deleted, forget it. */ 2411 TAILQ_REMOVE(&ia->pd_pfxs, da, pd_next); 2412 2413 /* Delete it from the interface. */ 2414 state = D6_STATE(da->iface); 2415 TAILQ_FOREACH(dda, &state->addrs, next) { 2416 if (IN6_ARE_ADDR_EQUAL(&dda->addr, &da->addr)) 2417 break; 2418 } 2419 if (dda != NULL) { 2420 TAILQ_REMOVE(&state->addrs, dda, next); 2421 ipv6_freeaddr(dda); 2422 } 2423 } 2424 } 2425 #endif 2426 2427 static void 2428 dhcp6_deprecateaddrs(struct ipv6_addrhead *addrs) 2429 { 2430 struct ipv6_addr *ia, *ian; 2431 2432 TAILQ_FOREACH_SAFE(ia, addrs, next, ian) { 2433 if (ia->flags & IPV6_AF_EXTENDED) 2434 ; 2435 else if (ia->flags & IPV6_AF_STALE) { 2436 if (ia->prefix_vltime != 0) 2437 logdebugx("%s: %s: became stale", 2438 ia->iface->name, ia->saddr); 2439 /* Technically this violates RFC 8415 18.2.10.1, 2440 * but we need a mechanism to tell the kernel to 2441 * try and prefer other addresses. */ 2442 ia->prefix_pltime = 0; 2443 } else if (ia->prefix_vltime == 0) 2444 loginfox("%s: %s: no valid lifetime", 2445 ia->iface->name, ia->saddr); 2446 else 2447 continue; 2448 2449 #ifndef SMALL 2450 /* If we delegated from this prefix, deprecate or remove 2451 * the delegations. */ 2452 if (ia->flags & IPV6_AF_DELEGATEDPFX) 2453 dhcp6_deprecatedele(ia); 2454 #endif 2455 2456 if (ia->flags & IPV6_AF_REQUEST) { 2457 ia->prefix_vltime = ia->prefix_pltime = 0; 2458 eloop_q_timeout_delete(ia->iface->ctx->eloop, 2459 ELOOP_QUEUE_ALL, NULL, ia); 2460 continue; 2461 } 2462 TAILQ_REMOVE(addrs, ia, next); 2463 if (ia->flags & IPV6_AF_EXTENDED) 2464 ipv6_deleteaddr(ia); 2465 ipv6_freeaddr(ia); 2466 } 2467 } 2468 2469 static int 2470 dhcp6_validatelease(struct interface *ifp, 2471 struct dhcp6_message *m, size_t len, 2472 const char *sfrom, const struct timespec *acquired) 2473 { 2474 struct dhcp6_state *state; 2475 int nia, ok_errno; 2476 struct timespec aq; 2477 2478 if (len <= sizeof(*m)) { 2479 logerrx("%s: DHCPv6 lease truncated", ifp->name); 2480 return -1; 2481 } 2482 2483 state = D6_STATE(ifp); 2484 errno = 0; 2485 if (dhcp6_checkstatusok(ifp, m, NULL, len) != 0) 2486 return -1; 2487 ok_errno = errno; 2488 2489 state->renew = state->rebind = state->expire = 0; 2490 state->lowpl = ND6_INFINITE_LIFETIME; 2491 if (!acquired) { 2492 clock_gettime(CLOCK_MONOTONIC, &aq); 2493 acquired = &aq; 2494 } 2495 state->has_no_binding = false; 2496 nia = dhcp6_findia(ifp, m, len, sfrom, acquired); 2497 if (nia == 0) { 2498 if (state->state != DH6S_CONFIRM && ok_errno != 0) { 2499 logerrx("%s: no useable IA found in lease", ifp->name); 2500 return -1; 2501 } 2502 2503 /* We are confirming and have an OK, 2504 * so look for ia's in our old lease. 2505 * IA's must have existed here otherwise we would 2506 * have rejected it earlier. */ 2507 assert(state->new != NULL && state->new_len != 0); 2508 state->has_no_binding = false; 2509 nia = dhcp6_findia(ifp, state->new, state->new_len, 2510 sfrom, acquired); 2511 } 2512 return nia; 2513 } 2514 2515 static ssize_t 2516 dhcp6_writelease(const struct interface *ifp) 2517 { 2518 const struct dhcp6_state *state; 2519 int fd; 2520 ssize_t bytes; 2521 2522 state = D6_CSTATE(ifp); 2523 logdebugx("%s: writing lease `%s'", ifp->name, state->leasefile); 2524 2525 fd = open(state->leasefile, O_WRONLY | O_CREAT | O_TRUNC, 0644); 2526 if (fd == -1) 2527 return -1; 2528 bytes = write(fd, state->new, state->new_len); 2529 close(fd); 2530 return bytes; 2531 } 2532 2533 static int 2534 dhcp6_readlease(struct interface *ifp, int validate) 2535 { 2536 struct dhcp6_state *state; 2537 struct stat st; 2538 int fd; 2539 time_t now; 2540 int retval; 2541 bool read_stdin, fd_opened; 2542 #ifdef AUTH 2543 uint8_t *o; 2544 uint16_t ol; 2545 #endif 2546 2547 state = D6_STATE(ifp); 2548 read_stdin = state->leasefile[0] == '\0'; 2549 if (read_stdin) { 2550 logdebugx("reading standard input"); 2551 fd = fileno(stdin); 2552 fd_opened = false; 2553 } else { 2554 logdebugx("%s: reading lease `%s'", ifp->name,state->leasefile); 2555 fd = open(state->leasefile, O_RDONLY); 2556 if (fd != -1 && fstat(fd, &st) == -1) { 2557 close(fd); 2558 fd = -1; 2559 } 2560 fd_opened = true; 2561 } 2562 if (fd == -1) 2563 return -1; 2564 retval = -1; 2565 free(state->new); 2566 state->new_len = dhcp_read_lease_fd(fd, (void **)&state->new); 2567 if (fd_opened) 2568 close(fd); 2569 2570 if (ifp->ctx->options & DHCPCD_DUMPLEASE || read_stdin) 2571 return 0; 2572 2573 if (state->new_len == 0) { 2574 retval = 0; 2575 goto ex; 2576 } 2577 2578 /* If not validating IA's and if they have expired, 2579 * skip to the auth check. */ 2580 if (!validate) { 2581 fd = 0; 2582 goto auth; 2583 } 2584 2585 clock_gettime(CLOCK_MONOTONIC, &state->acquired); 2586 if ((now = time(NULL)) == -1) 2587 goto ex; 2588 state->acquired.tv_sec -= now - st.st_mtime; 2589 2590 /* Check to see if the lease is still valid */ 2591 fd = dhcp6_validatelease(ifp, state->new, state->new_len, NULL, 2592 &state->acquired); 2593 if (fd == -1) 2594 goto ex; 2595 2596 if (state->expire != ND6_INFINITE_LIFETIME && 2597 (time_t)state->expire < now - st.st_mtime && 2598 !(ifp->options->options & DHCPCD_LASTLEASE_EXTEND)) 2599 { 2600 logdebugx("%s: discarding expired lease", ifp->name); 2601 retval = 0; 2602 goto ex; 2603 } 2604 2605 auth: 2606 retval = 0; 2607 #ifdef AUTH 2608 /* Authenticate the message */ 2609 o = dhcp6_findmoption(state->new, state->new_len, D6_OPTION_AUTH, &ol); 2610 if (o) { 2611 if (dhcp_auth_validate(&state->auth, &ifp->options->auth, 2612 (uint8_t *)state->new, state->new_len, 6, state->new->type, 2613 o, ol) == NULL) 2614 { 2615 logerr("%s: authentication failed", ifp->name); 2616 goto ex; 2617 } 2618 if (state->auth.token) 2619 logdebugx("%s: validated using 0x%08" PRIu32, 2620 ifp->name, state->auth.token->secretid); 2621 else 2622 loginfox("%s: accepted reconfigure key", ifp->name); 2623 } else if ((ifp->options->auth.options & DHCPCD_AUTH_SENDREQUIRE) == 2624 DHCPCD_AUTH_SENDREQUIRE) 2625 { 2626 logerrx("%s: authentication now required", ifp->name); 2627 goto ex; 2628 } 2629 #endif 2630 2631 return fd; 2632 2633 ex: 2634 dhcp6_freedrop_addrs(ifp, 0, NULL); 2635 unlink(state->leasefile); 2636 free(state->new); 2637 state->new = NULL; 2638 state->new_len = 0; 2639 return retval; 2640 } 2641 2642 static void 2643 dhcp6_startinit(struct interface *ifp) 2644 { 2645 struct dhcp6_state *state; 2646 int r; 2647 uint8_t has_ta, has_non_ta; 2648 size_t i; 2649 2650 state = D6_STATE(ifp); 2651 state->state = DH6S_INIT; 2652 state->expire = ND6_INFINITE_LIFETIME; 2653 state->lowpl = ND6_INFINITE_LIFETIME; 2654 2655 dhcp6_addrequestedaddrs(ifp); 2656 has_ta = has_non_ta = 0; 2657 for (i = 0; i < ifp->options->ia_len; i++) { 2658 switch (ifp->options->ia[i].ia_type) { 2659 case D6_OPTION_IA_TA: 2660 has_ta = 1; 2661 break; 2662 default: 2663 has_non_ta = 1; 2664 } 2665 } 2666 2667 if (!(ifp->ctx->options & DHCPCD_TEST) && 2668 !(has_ta && !has_non_ta) && 2669 ifp->options->reboot != 0) 2670 { 2671 r = dhcp6_readlease(ifp, 1); 2672 if (r == -1) { 2673 if (errno != ENOENT && errno != ESRCH) 2674 logerr("%s: %s", __func__, state->leasefile); 2675 } else if (r != 0 && 2676 !(ifp->options->options & DHCPCD_ANONYMOUS)) 2677 { 2678 /* RFC 3633 section 12.1 */ 2679 #ifndef SMALL 2680 if (dhcp6_hasprefixdelegation(ifp)) 2681 dhcp6_startrebind(ifp); 2682 else 2683 #endif 2684 dhcp6_startconfirm(ifp); 2685 return; 2686 } 2687 } 2688 dhcp6_startdiscoinform(ifp); 2689 } 2690 2691 #ifndef SMALL 2692 static struct ipv6_addr * 2693 dhcp6_ifdelegateaddr(struct interface *ifp, struct ipv6_addr *prefix, 2694 const struct if_sla *sla, struct if_ia *if_ia) 2695 { 2696 struct dhcp6_state *state; 2697 struct in6_addr addr, daddr; 2698 struct ipv6_addr *ia; 2699 int pfxlen, dadcounter; 2700 uint64_t vl; 2701 2702 /* RFC6603 Section 4.2 */ 2703 if (strcmp(ifp->name, prefix->iface->name) == 0) { 2704 if (prefix->prefix_exclude_len == 0) { 2705 /* Don't spam the log automatically */ 2706 if (sla != NULL) 2707 logwarnx("%s: DHCPv6 server does not support " 2708 "OPTION_PD_EXCLUDE", 2709 ifp->name); 2710 return NULL; 2711 } 2712 pfxlen = prefix->prefix_exclude_len; 2713 memcpy(&addr, &prefix->prefix_exclude, sizeof(addr)); 2714 } else if ((pfxlen = dhcp6_delegateaddr(&addr, ifp, prefix, 2715 sla, if_ia)) == -1) 2716 return NULL; 2717 2718 if (sla != NULL && fls64(sla->suffix) > 128 - pfxlen) { 2719 logerrx("%s: suffix %" PRIu64 " + prefix_len %d > 128", 2720 ifp->name, sla->suffix, pfxlen); 2721 return NULL; 2722 } 2723 2724 /* Add our suffix */ 2725 if (sla != NULL && sla->suffix != 0) { 2726 daddr = addr; 2727 vl = be64dec(addr.s6_addr + 8); 2728 vl |= sla->suffix; 2729 be64enc(daddr.s6_addr + 8, vl); 2730 } else { 2731 dadcounter = ipv6_makeaddr(&daddr, ifp, &addr, pfxlen, 0); 2732 if (dadcounter == -1) { 2733 logerrx("%s: error adding slaac to prefix_len %d", 2734 ifp->name, pfxlen); 2735 return NULL; 2736 } 2737 } 2738 2739 /* Find an existing address */ 2740 state = D6_STATE(ifp); 2741 TAILQ_FOREACH(ia, &state->addrs, next) { 2742 if (IN6_ARE_ADDR_EQUAL(&ia->addr, &daddr)) 2743 break; 2744 } 2745 if (ia == NULL) { 2746 ia = ipv6_newaddr(ifp, &daddr, (uint8_t)pfxlen, IPV6_AF_ONLINK); 2747 if (ia == NULL) 2748 return NULL; 2749 ia->dadcallback = dhcp6_dadcallback; 2750 memcpy(&ia->iaid, &prefix->iaid, sizeof(ia->iaid)); 2751 ia->created = prefix->acquired; 2752 2753 TAILQ_INSERT_TAIL(&state->addrs, ia, next); 2754 TAILQ_INSERT_TAIL(&prefix->pd_pfxs, ia, pd_next); 2755 } 2756 ia->delegating_prefix = prefix; 2757 ia->prefix = addr; 2758 ia->prefix_len = (uint8_t)pfxlen; 2759 ia->acquired = prefix->acquired; 2760 ia->prefix_pltime = prefix->prefix_pltime; 2761 ia->prefix_vltime = prefix->prefix_vltime; 2762 2763 /* If the prefix length hasn't changed, 2764 * don't install a reject route. */ 2765 if (prefix->prefix_len == pfxlen) 2766 prefix->flags |= IPV6_AF_NOREJECT; 2767 else 2768 prefix->flags &= ~IPV6_AF_NOREJECT; 2769 2770 return ia; 2771 } 2772 #endif 2773 2774 static void 2775 dhcp6_script_try_run(struct interface *ifp, int delegated) 2776 { 2777 struct dhcp6_state *state; 2778 struct ipv6_addr *ap; 2779 int completed; 2780 2781 state = D6_STATE(ifp); 2782 completed = 1; 2783 /* If all addresses have completed DAD run the script */ 2784 TAILQ_FOREACH(ap, &state->addrs, next) { 2785 if (!(ap->flags & IPV6_AF_ADDED)) 2786 continue; 2787 if (ap->flags & IPV6_AF_ONLINK) { 2788 if (!(ap->flags & IPV6_AF_DADCOMPLETED) && 2789 ipv6_iffindaddr(ap->iface, &ap->addr, 2790 IN6_IFF_TENTATIVE)) 2791 ap->flags |= IPV6_AF_DADCOMPLETED; 2792 if ((ap->flags & IPV6_AF_DADCOMPLETED) == 0 2793 #ifndef SMALL 2794 && ((delegated && ap->delegating_prefix) || 2795 (!delegated && !ap->delegating_prefix)) 2796 #endif 2797 ) 2798 { 2799 completed = 0; 2800 break; 2801 } 2802 } 2803 } 2804 if (completed) { 2805 script_runreason(ifp, delegated ? "DELEGATED6" : state->reason); 2806 if (!delegated) 2807 dhcpcd_daemonise(ifp->ctx); 2808 } else 2809 logdebugx("%s: waiting for DHCPv6 DAD to complete", ifp->name); 2810 } 2811 2812 #ifdef SMALL 2813 size_t 2814 dhcp6_find_delegates(__unused struct interface *ifp) 2815 { 2816 2817 return 0; 2818 } 2819 #else 2820 static void 2821 dhcp6_delegate_prefix(struct interface *ifp) 2822 { 2823 struct if_options *ifo; 2824 struct dhcp6_state *state; 2825 struct ipv6_addr *ap; 2826 size_t i, j, k; 2827 struct if_ia *ia; 2828 struct if_sla *sla; 2829 struct interface *ifd; 2830 bool carrier_warned; 2831 2832 ifo = ifp->options; 2833 state = D6_STATE(ifp); 2834 2835 /* Clear the logged flag. */ 2836 TAILQ_FOREACH(ap, &state->addrs, next) { 2837 ap->flags &= ~IPV6_AF_DELEGATEDLOG; 2838 } 2839 2840 TAILQ_FOREACH(ifd, ifp->ctx->ifaces, next) { 2841 if (!ifd->active) 2842 continue; 2843 k = 0; 2844 carrier_warned = false; 2845 TAILQ_FOREACH(ap, &state->addrs, next) { 2846 if (!(ap->flags & IPV6_AF_DELEGATEDPFX)) 2847 continue; 2848 if (!(ap->flags & IPV6_AF_DELEGATEDLOG)) { 2849 int loglevel; 2850 2851 if (ap->flags & IPV6_AF_NEW) 2852 loglevel = LOG_INFO; 2853 else 2854 loglevel = LOG_DEBUG; 2855 /* We only want to log this the once as we loop 2856 * through many interfaces first. */ 2857 ap->flags |= IPV6_AF_DELEGATEDLOG; 2858 logmessage(loglevel, "%s: delegated prefix %s", 2859 ifp->name, ap->saddr); 2860 ap->flags &= ~IPV6_AF_NEW; 2861 } 2862 for (i = 0; i < ifo->ia_len; i++) { 2863 ia = &ifo->ia[i]; 2864 if (ia->ia_type != D6_OPTION_IA_PD) 2865 continue; 2866 if (memcmp(ia->iaid, ap->iaid, 2867 sizeof(ia->iaid))) 2868 continue; 2869 if (ia->sla_len == 0) { 2870 /* no SLA configured, so lets 2871 * automate it */ 2872 if (ifd->carrier != LINK_UP) { 2873 logdebugx( 2874 "%s: has no carrier, cannot" 2875 " delegate addresses", 2876 ifd->name); 2877 carrier_warned = true; 2878 break; 2879 } 2880 if (dhcp6_ifdelegateaddr(ifd, ap, 2881 NULL, ia)) 2882 k++; 2883 } 2884 for (j = 0; j < ia->sla_len; j++) { 2885 sla = &ia->sla[j]; 2886 if (strcmp(ifd->name, sla->ifname)) 2887 continue; 2888 if (ifd->carrier != LINK_UP) { 2889 logdebugx( 2890 "%s: has no carrier, cannot" 2891 " delegate addresses", 2892 ifd->name); 2893 carrier_warned = true; 2894 break; 2895 } 2896 if (dhcp6_ifdelegateaddr(ifd, ap, 2897 sla, ia)) 2898 k++; 2899 } 2900 if (carrier_warned) 2901 break; 2902 } 2903 if (carrier_warned) 2904 break; 2905 } 2906 if (k && !carrier_warned) { 2907 struct dhcp6_state *s = D6_STATE(ifd); 2908 2909 ipv6_addaddrs(&s->addrs); 2910 dhcp6_script_try_run(ifd, 1); 2911 } 2912 } 2913 2914 /* Now all addresses have been added, rebuild the routing table. */ 2915 rt_build(ifp->ctx, AF_INET6); 2916 } 2917 2918 static void 2919 dhcp6_find_delegates1(void *arg) 2920 { 2921 2922 dhcp6_find_delegates(arg); 2923 } 2924 2925 size_t 2926 dhcp6_find_delegates(struct interface *ifp) 2927 { 2928 struct if_options *ifo; 2929 struct dhcp6_state *state; 2930 struct ipv6_addr *ap; 2931 size_t i, j, k; 2932 struct if_ia *ia; 2933 struct if_sla *sla; 2934 struct interface *ifd; 2935 2936 k = 0; 2937 TAILQ_FOREACH(ifd, ifp->ctx->ifaces, next) { 2938 ifo = ifd->options; 2939 state = D6_STATE(ifd); 2940 if (state == NULL || state->state != DH6S_BOUND) 2941 continue; 2942 TAILQ_FOREACH(ap, &state->addrs, next) { 2943 if (!(ap->flags & IPV6_AF_DELEGATEDPFX)) 2944 continue; 2945 for (i = 0; i < ifo->ia_len; i++) { 2946 ia = &ifo->ia[i]; 2947 if (ia->ia_type != D6_OPTION_IA_PD) 2948 continue; 2949 if (memcmp(ia->iaid, ap->iaid, 2950 sizeof(ia->iaid))) 2951 continue; 2952 for (j = 0; j < ia->sla_len; j++) { 2953 sla = &ia->sla[j]; 2954 if (strcmp(ifp->name, sla->ifname)) 2955 continue; 2956 if (ipv6_linklocal(ifp) == NULL) { 2957 logdebugx( 2958 "%s: delaying adding" 2959 " delegated addresses for" 2960 " LL address", 2961 ifp->name); 2962 ipv6_addlinklocalcallback(ifp, 2963 dhcp6_find_delegates1, ifp); 2964 return 1; 2965 } 2966 if (dhcp6_ifdelegateaddr(ifp, ap, 2967 sla, ia)) 2968 k++; 2969 } 2970 } 2971 } 2972 } 2973 2974 if (k) { 2975 loginfox("%s: adding delegated prefixes", ifp->name); 2976 state = D6_STATE(ifp); 2977 state->state = DH6S_DELEGATED; 2978 ipv6_addaddrs(&state->addrs); 2979 rt_build(ifp->ctx, AF_INET6); 2980 dhcp6_script_try_run(ifp, 1); 2981 } 2982 return k; 2983 } 2984 #endif 2985 2986 static void 2987 dhcp6_bind(struct interface *ifp, const char *op, const char *sfrom) 2988 { 2989 struct dhcp6_state *state = D6_STATE(ifp); 2990 bool timedout = (op == NULL), has_new = false, confirmed; 2991 struct ipv6_addr *ia; 2992 int loglevel; 2993 struct timespec now; 2994 2995 TAILQ_FOREACH(ia, &state->addrs, next) { 2996 if (ia->flags & IPV6_AF_NEW) { 2997 has_new = true; 2998 break; 2999 } 3000 } 3001 loglevel = has_new ? LOG_INFO : LOG_DEBUG; 3002 if (!timedout) { 3003 logmessage(loglevel, "%s: %s received from %s", 3004 ifp->name, op, sfrom); 3005 #ifndef SMALL 3006 /* If we delegated from an unconfirmed lease we MUST drop 3007 * them now. Hopefully we have new delegations. */ 3008 if (state->reason != NULL && 3009 strcmp(state->reason, "TIMEOUT6") == 0) 3010 dhcp6_delete_delegates(ifp); 3011 #endif 3012 state->reason = NULL; 3013 } else 3014 state->reason = "TIMEOUT6"; 3015 3016 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp); 3017 clock_gettime(CLOCK_MONOTONIC, &now); 3018 3019 switch(state->state) { 3020 case DH6S_INFORM: 3021 { 3022 struct dhcp6_option *o; 3023 uint16_t ol; 3024 3025 if (state->reason == NULL) 3026 state->reason = "INFORM6"; 3027 o = dhcp6_findmoption(state->new, state->new_len, 3028 D6_OPTION_INFO_REFRESH_TIME, &ol); 3029 if (o == NULL || ol != sizeof(uint32_t)) 3030 state->renew = IRT_DEFAULT; 3031 else { 3032 memcpy(&state->renew, o, ol); 3033 state->renew = ntohl(state->renew); 3034 if (state->renew < IRT_MINIMUM) 3035 state->renew = IRT_MINIMUM; 3036 } 3037 state->rebind = 0; 3038 state->expire = ND6_INFINITE_LIFETIME; 3039 state->lowpl = ND6_INFINITE_LIFETIME; 3040 } 3041 break; 3042 3043 case DH6S_REQUEST: 3044 if (state->reason == NULL) 3045 state->reason = "BOUND6"; 3046 /* FALLTHROUGH */ 3047 case DH6S_RENEW: 3048 if (state->reason == NULL) 3049 state->reason = "RENEW6"; 3050 /* FALLTHROUGH */ 3051 case DH6S_REBIND: 3052 if (state->reason == NULL) 3053 state->reason = "REBIND6"; 3054 /* FALLTHROUGH */ 3055 case DH6S_CONFIRM: 3056 if (state->reason == NULL) 3057 state->reason = "REBOOT6"; 3058 if (state->renew != 0) { 3059 bool all_expired = true; 3060 3061 TAILQ_FOREACH(ia, &state->addrs, next) { 3062 if (ia->flags & IPV6_AF_STALE) 3063 continue; 3064 if (!(state->renew == ND6_INFINITE_LIFETIME 3065 && ia->prefix_vltime == ND6_INFINITE_LIFETIME) 3066 && ia->prefix_vltime != 0 3067 && ia->prefix_vltime <= state->renew) 3068 logwarnx( 3069 "%s: %s will expire before renewal", 3070 ifp->name, ia->saddr); 3071 else 3072 all_expired = false; 3073 } 3074 if (all_expired) { 3075 /* All address's vltime happens at or before 3076 * the configured T1 in the IA. 3077 * This is a badly configured server and we 3078 * have to use our own notion of what 3079 * T1 and T2 should be as a result. 3080 * 3081 * Doing this violates RFC 3315 22.4: 3082 * In a message sent by a server to a client, 3083 * the client MUST use the values in the T1 3084 * and T2 fields for the T1 and T2 parameters, 3085 * unless those values in those fields are 0. 3086 */ 3087 logwarnx("%s: ignoring T1 %"PRIu32 3088 " due to address expiry", 3089 ifp->name, state->renew); 3090 state->renew = state->rebind = 0; 3091 } 3092 } 3093 if (state->renew == 0 && state->lowpl != ND6_INFINITE_LIFETIME) 3094 state->renew = (uint32_t)(state->lowpl * 0.5); 3095 if (state->rebind == 0 && state->lowpl != ND6_INFINITE_LIFETIME) 3096 state->rebind = (uint32_t)(state->lowpl * 0.8); 3097 break; 3098 default: 3099 state->reason = "UNKNOWN6"; 3100 break; 3101 } 3102 3103 if (state->state != DH6S_CONFIRM && !timedout) { 3104 state->acquired = now; 3105 free(state->old); 3106 state->old = state->new; 3107 state->old_len = state->new_len; 3108 state->new = state->recv; 3109 state->new_len = state->recv_len; 3110 state->recv = NULL; 3111 state->recv_len = 0; 3112 confirmed = false; 3113 } else { 3114 /* Reduce timers based on when we got the lease. */ 3115 uint32_t elapsed; 3116 3117 elapsed = (uint32_t)eloop_timespec_diff(&now, 3118 &state->acquired, NULL); 3119 if (state->renew && state->renew != ND6_INFINITE_LIFETIME) { 3120 if (state->renew > elapsed) 3121 state->renew -= elapsed; 3122 else 3123 state->renew = 0; 3124 } 3125 if (state->rebind && state->rebind != ND6_INFINITE_LIFETIME) { 3126 if (state->rebind > elapsed) 3127 state->rebind -= elapsed; 3128 else 3129 state->rebind = 0; 3130 } 3131 if (state->expire && state->expire != ND6_INFINITE_LIFETIME) { 3132 if (state->expire > elapsed) 3133 state->expire -= elapsed; 3134 else 3135 state->expire = 0; 3136 } 3137 confirmed = true; 3138 } 3139 3140 if (ifp->ctx->options & DHCPCD_TEST) 3141 script_runreason(ifp, "TEST"); 3142 else { 3143 if (state->state == DH6S_INFORM) 3144 state->state = DH6S_INFORMED; 3145 else 3146 state->state = DH6S_BOUND; 3147 state->failed = false; 3148 3149 if (state->renew && state->renew != ND6_INFINITE_LIFETIME) 3150 eloop_timeout_add_sec(ifp->ctx->eloop, 3151 state->renew, 3152 state->state == DH6S_INFORMED ? 3153 dhcp6_startinform : dhcp6_startrenew, ifp); 3154 if (state->rebind && state->rebind != ND6_INFINITE_LIFETIME) 3155 eloop_timeout_add_sec(ifp->ctx->eloop, 3156 state->rebind, dhcp6_startrebind, ifp); 3157 if (state->expire != ND6_INFINITE_LIFETIME) 3158 eloop_timeout_add_sec(ifp->ctx->eloop, 3159 state->expire, dhcp6_startexpire, ifp); 3160 3161 ipv6_addaddrs(&state->addrs); 3162 if (!timedout) 3163 dhcp6_deprecateaddrs(&state->addrs); 3164 3165 if (state->state == DH6S_INFORMED) 3166 logmessage(loglevel, "%s: refresh in %"PRIu32" seconds", 3167 ifp->name, state->renew); 3168 else if (state->renew == ND6_INFINITE_LIFETIME) 3169 logmessage(loglevel, "%s: leased for infinity", 3170 ifp->name); 3171 else if (state->renew || state->rebind) 3172 logmessage(loglevel, "%s: renew in %"PRIu32", " 3173 "rebind in %"PRIu32", " 3174 "expire in %"PRIu32" seconds", 3175 ifp->name, 3176 state->renew, state->rebind, state->expire); 3177 else if (state->expire == 0) 3178 logmessage(loglevel, "%s: will expire", ifp->name); 3179 else 3180 logmessage(loglevel, "%s: expire in %"PRIu32" seconds", 3181 ifp->name, state->expire); 3182 rt_build(ifp->ctx, AF_INET6); 3183 if (!confirmed && !timedout) 3184 if (dhcp6_writelease(ifp) == -1) 3185 logerr("dhcp6_writelease: %s",state->leasefile); 3186 #ifndef SMALL 3187 dhcp6_delegate_prefix(ifp); 3188 #endif 3189 dhcp6_script_try_run(ifp, 0); 3190 } 3191 3192 if (ifp->ctx->options & DHCPCD_TEST || 3193 (ifp->options->options & DHCPCD_INFORM && 3194 !(ifp->ctx->options & DHCPCD_MASTER))) 3195 { 3196 eloop_exit(ifp->ctx->eloop, EXIT_SUCCESS); 3197 } 3198 } 3199 3200 static void 3201 dhcp6_recvif(struct interface *ifp, const char *sfrom, 3202 struct dhcp6_message *r, size_t len) 3203 { 3204 struct dhcpcd_ctx *ctx; 3205 size_t i; 3206 const char *op; 3207 struct dhcp6_state *state; 3208 uint8_t *o; 3209 uint16_t ol; 3210 const struct dhcp_opt *opt; 3211 const struct if_options *ifo; 3212 bool valid_op; 3213 #ifdef AUTH 3214 uint8_t *auth; 3215 uint16_t auth_len; 3216 #endif 3217 3218 ctx = ifp->ctx; 3219 state = D6_STATE(ifp); 3220 if (state == NULL || state->send == NULL) { 3221 logdebugx("%s: DHCPv6 reply received but not running", 3222 ifp->name); 3223 return; 3224 } 3225 3226 /* We're already bound and this message is for another machine */ 3227 /* XXX DELEGATED? */ 3228 if (r->type != DHCP6_RECONFIGURE && 3229 (state->state == DH6S_BOUND || state->state == DH6S_INFORMED)) 3230 { 3231 logdebugx("%s: DHCPv6 reply received but already bound", 3232 ifp->name); 3233 return; 3234 } 3235 3236 if (dhcp6_findmoption(r, len, D6_OPTION_SERVERID, NULL) == NULL) { 3237 logdebugx("%s: no DHCPv6 server ID from %s", ifp->name, sfrom); 3238 return; 3239 } 3240 3241 ifo = ifp->options; 3242 for (i = 0, opt = ctx->dhcp6_opts; 3243 i < ctx->dhcp6_opts_len; 3244 i++, opt++) 3245 { 3246 if (has_option_mask(ifo->requiremask6, opt->option) && 3247 !dhcp6_findmoption(r, len, (uint16_t)opt->option, NULL)) 3248 { 3249 logwarnx("%s: reject DHCPv6 (no option %s) from %s", 3250 ifp->name, opt->var, sfrom); 3251 return; 3252 } 3253 if (has_option_mask(ifo->rejectmask6, opt->option) && 3254 dhcp6_findmoption(r, len, (uint16_t)opt->option, NULL)) 3255 { 3256 logwarnx("%s: reject DHCPv6 (option %s) from %s", 3257 ifp->name, opt->var, sfrom); 3258 return; 3259 } 3260 } 3261 3262 #ifdef AUTH 3263 /* Authenticate the message */ 3264 auth = dhcp6_findmoption(r, len, D6_OPTION_AUTH, &auth_len); 3265 if (auth != NULL) { 3266 if (dhcp_auth_validate(&state->auth, &ifo->auth, 3267 (uint8_t *)r, len, 6, r->type, auth, auth_len) == NULL) 3268 { 3269 logerr("%s: authentication failed from %s", 3270 ifp->name, sfrom); 3271 return; 3272 } 3273 if (state->auth.token) 3274 logdebugx("%s: validated using 0x%08" PRIu32, 3275 ifp->name, state->auth.token->secretid); 3276 else 3277 loginfox("%s: accepted reconfigure key", ifp->name); 3278 } else if (ifo->auth.options & DHCPCD_AUTH_SEND) { 3279 if (ifo->auth.options & DHCPCD_AUTH_REQUIRE) { 3280 logerr("%s: no authentication from %s", 3281 ifp->name, sfrom); 3282 return; 3283 } 3284 logwarnx("%s: no authentication from %s", ifp->name, sfrom); 3285 } 3286 #endif 3287 3288 op = dhcp6_get_op(r->type); 3289 valid_op = op != NULL; 3290 switch(r->type) { 3291 case DHCP6_REPLY: 3292 switch(state->state) { 3293 case DH6S_INFORM: 3294 if (dhcp6_checkstatusok(ifp, r, NULL, len) != 0) 3295 return; 3296 break; 3297 case DH6S_CONFIRM: 3298 if (dhcp6_validatelease(ifp, r, len, sfrom, NULL) == -1) 3299 { 3300 dhcp6_startdiscoinform(ifp); 3301 return; 3302 } 3303 break; 3304 case DH6S_DISCOVER: 3305 /* Only accept REPLY in DISCOVER for RAPID_COMMIT. 3306 * Normally we get an ADVERTISE for a DISCOVER. */ 3307 if (!has_option_mask(ifo->requestmask6, 3308 D6_OPTION_RAPID_COMMIT) || 3309 !dhcp6_findmoption(r, len, D6_OPTION_RAPID_COMMIT, 3310 NULL)) 3311 { 3312 valid_op = false; 3313 break; 3314 } 3315 /* Validate lease before setting state to REQUEST. */ 3316 /* FALLTHROUGH */ 3317 case DH6S_REQUEST: /* FALLTHROUGH */ 3318 case DH6S_RENEW: /* FALLTHROUGH */ 3319 case DH6S_REBIND: 3320 if (dhcp6_validatelease(ifp, r, len, sfrom, NULL) == -1) 3321 { 3322 /* 3323 * If we can't use the lease, fallback to 3324 * DISCOVER and try and get a new one. 3325 * 3326 * This is needed become some servers 3327 * renumber the prefix or address 3328 * and deny the current one before it expires 3329 * rather than sending it back with a zero 3330 * lifetime along with the new prefix or 3331 * address to use. 3332 * This behavior is wrong, but moving to the 3333 * DISCOVER phase works around it. 3334 * 3335 * The currently held lease is still valid 3336 * until a new one is found. 3337 */ 3338 if (state->state != DH6S_DISCOVER) 3339 dhcp6_startdiscoinform(ifp); 3340 return; 3341 } 3342 /* RFC8415 18.2.10.1 */ 3343 if ((state->state == DH6S_RENEW || 3344 state->state == DH6S_REBIND) && 3345 state->has_no_binding) 3346 { 3347 dhcp6_startrequest(ifp); 3348 return; 3349 } 3350 if (state->state == DH6S_DISCOVER) 3351 state->state = DH6S_REQUEST; 3352 break; 3353 default: 3354 valid_op = false; 3355 break; 3356 } 3357 break; 3358 case DHCP6_ADVERTISE: 3359 if (state->state != DH6S_DISCOVER) { 3360 valid_op = false; 3361 break; 3362 } 3363 /* RFC7083 */ 3364 o = dhcp6_findmoption(r, len, D6_OPTION_SOL_MAX_RT, &ol); 3365 if (o && ol == sizeof(uint32_t)) { 3366 uint32_t max_rt; 3367 3368 memcpy(&max_rt, o, sizeof(max_rt)); 3369 max_rt = ntohl(max_rt); 3370 if (max_rt >= 60 && max_rt <= 86400) { 3371 logdebugx("%s: SOL_MAX_RT %llu -> %u", 3372 ifp->name, 3373 (unsigned long long)state->sol_max_rt, 3374 max_rt); 3375 state->sol_max_rt = max_rt; 3376 } else 3377 logerr("%s: invalid SOL_MAX_RT %u", 3378 ifp->name, max_rt); 3379 } 3380 o = dhcp6_findmoption(r, len, D6_OPTION_INF_MAX_RT, &ol); 3381 if (o && ol == sizeof(uint32_t)) { 3382 uint32_t max_rt; 3383 3384 memcpy(&max_rt, o, sizeof(max_rt)); 3385 max_rt = ntohl(max_rt); 3386 if (max_rt >= 60 && max_rt <= 86400) { 3387 logdebugx("%s: INF_MAX_RT %llu -> %u", 3388 ifp->name, 3389 (unsigned long long)state->inf_max_rt, 3390 max_rt); 3391 state->inf_max_rt = max_rt; 3392 } else 3393 logerrx("%s: invalid INF_MAX_RT %u", 3394 ifp->name, max_rt); 3395 } 3396 if (dhcp6_validatelease(ifp, r, len, sfrom, NULL) == -1) 3397 return; 3398 break; 3399 case DHCP6_RECONFIGURE: 3400 #ifdef AUTH 3401 if (auth == NULL) { 3402 #endif 3403 logerrx("%s: unauthenticated %s from %s", 3404 ifp->name, op, sfrom); 3405 if (ifo->auth.options & DHCPCD_AUTH_REQUIRE) 3406 return; 3407 #ifdef AUTH 3408 } 3409 loginfox("%s: %s from %s", ifp->name, op, sfrom); 3410 o = dhcp6_findmoption(r, len, D6_OPTION_RECONF_MSG, &ol); 3411 if (o == NULL) { 3412 logerrx("%s: missing Reconfigure Message option", 3413 ifp->name); 3414 return; 3415 } 3416 if (ol != 1) { 3417 logerrx("%s: missing Reconfigure Message type", 3418 ifp->name); 3419 return; 3420 } 3421 switch(*o) { 3422 case DHCP6_RENEW: 3423 if (state->state != DH6S_BOUND) { 3424 logerrx("%s: not bound, ignoring %s", 3425 ifp->name, op); 3426 return; 3427 } 3428 dhcp6_startrenew(ifp); 3429 break; 3430 case DHCP6_INFORMATION_REQ: 3431 if (state->state != DH6S_INFORMED) { 3432 logerrx("%s: not informed, ignoring %s", 3433 ifp->name, op); 3434 return; 3435 } 3436 eloop_timeout_delete(ifp->ctx->eloop, 3437 dhcp6_sendinform, ifp); 3438 dhcp6_startinform(ifp); 3439 break; 3440 default: 3441 logerr("%s: unsupported %s type %d", 3442 ifp->name, op, *o); 3443 break; 3444 } 3445 return; 3446 #else 3447 break; 3448 #endif 3449 default: 3450 logerrx("%s: invalid DHCP6 type %s (%d)", 3451 ifp->name, op, r->type); 3452 return; 3453 } 3454 if (!valid_op) { 3455 logwarnx("%s: invalid state for DHCP6 type %s (%d)", 3456 ifp->name, op, r->type); 3457 return; 3458 } 3459 3460 if (state->recv_len < (size_t)len) { 3461 free(state->recv); 3462 state->recv = malloc(len); 3463 if (state->recv == NULL) { 3464 logerr(__func__); 3465 return; 3466 } 3467 } 3468 memcpy(state->recv, r, len); 3469 state->recv_len = len; 3470 3471 if (r->type == DHCP6_ADVERTISE) { 3472 struct ipv6_addr *ia; 3473 3474 if (state->state == DH6S_REQUEST) /* rapid commit */ 3475 goto bind; 3476 TAILQ_FOREACH(ia, &state->addrs, next) { 3477 if (!(ia->flags & (IPV6_AF_STALE | IPV6_AF_REQUEST))) 3478 break; 3479 } 3480 if (ia == NULL) 3481 ia = TAILQ_FIRST(&state->addrs); 3482 if (ia == NULL) 3483 loginfox("%s: ADV (no address) from %s", 3484 ifp->name, sfrom); 3485 else 3486 loginfox("%s: ADV %s from %s", 3487 ifp->name, ia->saddr, sfrom); 3488 dhcp6_startrequest(ifp); 3489 return; 3490 } 3491 3492 bind: 3493 dhcp6_bind(ifp, op, sfrom); 3494 } 3495 3496 void 3497 dhcp6_recvmsg(struct dhcpcd_ctx *ctx, struct msghdr *msg, struct ipv6_addr *ia) 3498 { 3499 struct sockaddr_in6 *from = msg->msg_name; 3500 size_t len = msg->msg_iov[0].iov_len; 3501 char sfrom[INET6_ADDRSTRLEN]; 3502 struct interface *ifp; 3503 struct dhcp6_message *r; 3504 const struct dhcp6_state *state; 3505 uint8_t *o; 3506 uint16_t ol; 3507 3508 inet_ntop(AF_INET6, &from->sin6_addr, sfrom, sizeof(sfrom)); 3509 if (len < sizeof(struct dhcp6_message)) { 3510 logerrx("DHCPv6 packet too short from %s", sfrom); 3511 return; 3512 } 3513 3514 if (ia != NULL) 3515 ifp = ia->iface; 3516 else { 3517 ifp = if_findifpfromcmsg(ctx, msg, NULL); 3518 if (ifp == NULL) { 3519 logerr(__func__); 3520 return; 3521 } 3522 } 3523 3524 r = (struct dhcp6_message *)msg->msg_iov[0].iov_base; 3525 3526 uint8_t duid[DUID_LEN], *dp; 3527 size_t duid_len; 3528 o = dhcp6_findmoption(r, len, D6_OPTION_CLIENTID, &ol); 3529 if (ifp->options->options & DHCPCD_ANONYMOUS) { 3530 duid_len = duid_make(duid, ifp, DUID_LL); 3531 dp = duid; 3532 } else { 3533 duid_len = ctx->duid_len; 3534 dp = ctx->duid; 3535 } 3536 if (o == NULL || ol != duid_len || memcmp(o, dp, ol) != 0) { 3537 logdebugx("%s: incorrect client ID from %s", 3538 ifp->name, sfrom); 3539 return; 3540 } 3541 3542 if (dhcp6_findmoption(r, len, D6_OPTION_SERVERID, NULL) == NULL) { 3543 logdebugx("%s: no DHCPv6 server ID from %s", 3544 ifp->name, sfrom); 3545 return; 3546 } 3547 3548 if (r->type == DHCP6_RECONFIGURE) { 3549 logdebugx("%s: RECONFIGURE6 recv from %s," 3550 " sending to all interfaces", 3551 ifp->name, sfrom); 3552 TAILQ_FOREACH(ifp, ctx->ifaces, next) { 3553 state = D6_CSTATE(ifp); 3554 if (state != NULL && state->send != NULL) 3555 dhcp6_recvif(ifp, sfrom, r, len); 3556 } 3557 return; 3558 } 3559 3560 state = D6_CSTATE(ifp); 3561 if (state == NULL || 3562 r->xid[0] != state->send->xid[0] || 3563 r->xid[1] != state->send->xid[1] || 3564 r->xid[2] != state->send->xid[2]) 3565 { 3566 struct interface *ifp1; 3567 const struct dhcp6_state *state1; 3568 3569 /* Find an interface with a matching xid. */ 3570 TAILQ_FOREACH(ifp1, ctx->ifaces, next) { 3571 state1 = D6_CSTATE(ifp1); 3572 if (state1 == NULL || state1->send == NULL) 3573 continue; 3574 if (r->xid[0] == state1->send->xid[0] && 3575 r->xid[1] == state1->send->xid[1] && 3576 r->xid[2] == state1->send->xid[2]) 3577 break; 3578 } 3579 3580 if (ifp1 == NULL) { 3581 if (state != NULL) 3582 logdebugx("%s: wrong xid 0x%02x%02x%02x" 3583 " (expecting 0x%02x%02x%02x) from %s", 3584 ifp->name, 3585 r->xid[0], r->xid[1], r->xid[2], 3586 state->send->xid[0], 3587 state->send->xid[1], 3588 state->send->xid[2], 3589 sfrom); 3590 return; 3591 } 3592 logdebugx("%s: redirecting DHCP6 message to %s", 3593 ifp->name, ifp1->name); 3594 ifp = ifp1; 3595 } 3596 3597 #if 0 3598 /* 3599 * Handy code to inject raw DHCPv6 packets over responses 3600 * from our server. 3601 * This allows me to take a 3rd party wireshark trace and 3602 * replay it in my code. 3603 */ 3604 static int replyn = 0; 3605 char fname[PATH_MAX], tbuf[64 * 1024]; 3606 int fd; 3607 ssize_t tlen; 3608 uint8_t *si1, *si2; 3609 uint16_t si_len1, si_len2; 3610 3611 snprintf(fname, sizeof(fname), 3612 "/tmp/dhcp6.reply%d.raw", replyn++); 3613 fd = open(fname, O_RDONLY, 0); 3614 if (fd == -1) { 3615 logerr("%s: open `%s'", __func__, fname); 3616 return; 3617 } 3618 tlen = read(fd, tbuf, sizeof(tbuf)); 3619 if (tlen == -1) 3620 logerr("%s: read `%s'", __func__, fname); 3621 close(fd); 3622 3623 /* Copy across ServerID so we can work with our own server. */ 3624 si1 = dhcp6_findmoption(r, len, D6_OPTION_SERVERID, &si_len1); 3625 si2 = dhcp6_findmoption(tbuf, (size_t)tlen, 3626 D6_OPTION_SERVERID, &si_len2); 3627 if (si1 != NULL && si2 != NULL && si_len1 == si_len2) 3628 memcpy(si2, si1, si_len2); 3629 r = (struct dhcp6_message *)tbuf; 3630 len = (size_t)tlen; 3631 #endif 3632 3633 dhcp6_recvif(ifp, sfrom, r, len); 3634 } 3635 3636 static void 3637 dhcp6_recv(struct dhcpcd_ctx *ctx, struct ipv6_addr *ia) 3638 { 3639 struct sockaddr_in6 from; 3640 unsigned char buf[64 * 1024]; /* Maximum UDP message size */ 3641 struct iovec iov = { 3642 .iov_base = buf, 3643 .iov_len = sizeof(buf), 3644 }; 3645 union { 3646 struct cmsghdr hdr; 3647 uint8_t buf[CMSG_SPACE(sizeof(struct in6_pktinfo))]; 3648 } cmsgbuf = { .buf = { 0 } }; 3649 struct msghdr msg = { 3650 .msg_name = &from, .msg_namelen = sizeof(from), 3651 .msg_iov = &iov, .msg_iovlen = 1, 3652 .msg_control = cmsgbuf.buf, .msg_controllen = sizeof(cmsgbuf.buf), 3653 }; 3654 int s; 3655 ssize_t bytes; 3656 3657 s = ia != NULL ? ia->dhcp6_fd : ctx->dhcp6_fd; 3658 bytes = recvmsg(s, &msg, 0); 3659 if (bytes == -1) { 3660 logerr(__func__); 3661 return; 3662 } 3663 3664 iov.iov_len = (size_t)bytes; 3665 dhcp6_recvmsg(ctx, &msg, ia); 3666 } 3667 3668 static void 3669 dhcp6_recvaddr(void *arg) 3670 { 3671 struct ipv6_addr *ia = arg; 3672 3673 dhcp6_recv(ia->iface->ctx, ia); 3674 } 3675 3676 static void 3677 dhcp6_recvctx(void *arg) 3678 { 3679 struct dhcpcd_ctx *ctx = arg; 3680 3681 dhcp6_recv(ctx, NULL); 3682 } 3683 3684 int 3685 dhcp6_openudp(unsigned int ifindex, struct in6_addr *ia) 3686 { 3687 struct sockaddr_in6 sa; 3688 int n, s; 3689 3690 #define SOCK_FLAGS SOCK_CLOEXEC | SOCK_NONBLOCK 3691 s = xsocket(PF_INET6, SOCK_DGRAM | SOCK_FLAGS, IPPROTO_UDP); 3692 #undef SOCK_FLAGS 3693 if (s == -1) 3694 goto errexit; 3695 3696 n = 1; 3697 if (setsockopt(s, SOL_SOCKET, SO_BROADCAST, &n, sizeof(n)) == -1) 3698 goto errexit; 3699 3700 memset(&sa, 0, sizeof(sa)); 3701 sa.sin6_family = AF_INET6; 3702 sa.sin6_port = htons(DHCP6_CLIENT_PORT); 3703 #ifdef BSD 3704 sa.sin6_len = sizeof(sa); 3705 #endif 3706 3707 if (ia != NULL) { 3708 memcpy(&sa.sin6_addr, ia, sizeof(sa.sin6_addr)); 3709 sa.sin6_scope_id = ifindex; 3710 } 3711 3712 if (bind(s, (struct sockaddr *)&sa, sizeof(sa)) == -1) 3713 goto errexit; 3714 3715 n = 1; 3716 if (setsockopt(s, IPPROTO_IPV6, IPV6_RECVPKTINFO, &n, sizeof(n)) == -1) 3717 goto errexit; 3718 3719 return s; 3720 3721 errexit: 3722 logerr(__func__); 3723 if (s != -1) 3724 close(s); 3725 return -1; 3726 } 3727 3728 #ifndef SMALL 3729 static void 3730 dhcp6_activateinterfaces(struct interface *ifp) 3731 { 3732 struct interface *ifd; 3733 size_t i, j; 3734 struct if_ia *ia; 3735 struct if_sla *sla; 3736 3737 for (i = 0; i < ifp->options->ia_len; i++) { 3738 ia = &ifp->options->ia[i]; 3739 if (ia->ia_type != D6_OPTION_IA_PD) 3740 continue; 3741 for (j = 0; j < ia->sla_len; j++) { 3742 sla = &ia->sla[j]; 3743 ifd = if_find(ifp->ctx->ifaces, sla->ifname); 3744 if (ifd == NULL) { 3745 logwarn("%s: cannot delegate to %s", 3746 ifp->name, sla->ifname); 3747 continue; 3748 } 3749 if (!ifd->active) { 3750 loginfox("%s: activating for delegation", 3751 sla->ifname); 3752 dhcpcd_activateinterface(ifd, 3753 DHCPCD_IPV6 | DHCPCD_DHCP6); 3754 } 3755 } 3756 } 3757 } 3758 #endif 3759 3760 static void 3761 dhcp6_start1(void *arg) 3762 { 3763 struct interface *ifp = arg; 3764 struct dhcpcd_ctx *ctx = ifp->ctx; 3765 struct if_options *ifo = ifp->options; 3766 struct dhcp6_state *state; 3767 size_t i; 3768 const struct dhcp_compat *dhc; 3769 3770 if ((ctx->options & (DHCPCD_MASTER|DHCPCD_PRIVSEP)) == DHCPCD_MASTER && 3771 ctx->dhcp6_fd == -1) 3772 { 3773 ctx->dhcp6_fd = dhcp6_openudp(0, NULL); 3774 if (ctx->dhcp6_fd == -1) { 3775 logerr(__func__); 3776 return; 3777 } 3778 eloop_event_add(ctx->eloop, ctx->dhcp6_fd, dhcp6_recvctx, ctx); 3779 } 3780 3781 state = D6_STATE(ifp); 3782 /* If no DHCPv6 options are configured, 3783 match configured DHCPv4 options to DHCPv6 equivalents. */ 3784 for (i = 0; i < sizeof(ifo->requestmask6); i++) { 3785 if (ifo->requestmask6[i] != '\0') 3786 break; 3787 } 3788 if (i == sizeof(ifo->requestmask6)) { 3789 for (dhc = dhcp_compats; dhc->dhcp_opt; dhc++) { 3790 if (DHC_REQ(ifo->requestmask, ifo->nomask, dhc->dhcp_opt)) 3791 add_option_mask(ifo->requestmask6, 3792 dhc->dhcp6_opt); 3793 } 3794 if (ifo->fqdn != FQDN_DISABLE || ifo->options & DHCPCD_HOSTNAME) 3795 add_option_mask(ifo->requestmask6, D6_OPTION_FQDN); 3796 } 3797 3798 #ifndef SMALL 3799 /* Rapid commit won't work with Prefix Delegation Exclusion */ 3800 if (dhcp6_findselfsla(ifp)) 3801 del_option_mask(ifo->requestmask6, D6_OPTION_RAPID_COMMIT); 3802 #endif 3803 3804 if (state->state == DH6S_INFORM) { 3805 add_option_mask(ifo->requestmask6, D6_OPTION_INFO_REFRESH_TIME); 3806 dhcp6_startinform(ifp); 3807 } else { 3808 del_option_mask(ifo->requestmask6, D6_OPTION_INFO_REFRESH_TIME); 3809 dhcp6_startinit(ifp); 3810 } 3811 3812 #ifndef SMALL 3813 dhcp6_activateinterfaces(ifp); 3814 #endif 3815 } 3816 3817 int 3818 dhcp6_start(struct interface *ifp, enum DH6S init_state) 3819 { 3820 struct dhcp6_state *state; 3821 3822 state = D6_STATE(ifp); 3823 if (state != NULL) { 3824 switch (init_state) { 3825 case DH6S_INIT: 3826 goto gogogo; 3827 case DH6S_INFORM: 3828 if (state->state == DH6S_INIT || 3829 state->state == DH6S_INFORMED || 3830 (state->state == DH6S_DISCOVER && 3831 !(ifp->options->options & DHCPCD_IA_FORCED) && 3832 !ipv6nd_hasradhcp(ifp, true))) 3833 dhcp6_startinform(ifp); 3834 break; 3835 case DH6S_REQUEST: 3836 if (ifp->options->options & DHCPCD_DHCP6 && 3837 (state->state == DH6S_INIT || 3838 state->state == DH6S_INFORM || 3839 state->state == DH6S_INFORMED || 3840 state->state == DH6S_DELEGATED)) 3841 { 3842 /* Change from stateless to stateful */ 3843 init_state = DH6S_INIT; 3844 goto gogogo; 3845 } 3846 break; 3847 case DH6S_CONFIRM: 3848 init_state = DH6S_INIT; 3849 goto gogogo; 3850 default: 3851 /* Not possible, but sushes some compiler warnings. */ 3852 break; 3853 } 3854 return 0; 3855 } else { 3856 switch (init_state) { 3857 case DH6S_CONFIRM: 3858 /* No DHCPv6 config, no existing state 3859 * so nothing to do. */ 3860 return 0; 3861 case DH6S_INFORM: 3862 break; 3863 default: 3864 init_state = DH6S_INIT; 3865 break; 3866 } 3867 } 3868 3869 if (!(ifp->options->options & DHCPCD_DHCP6)) 3870 return 0; 3871 3872 ifp->if_data[IF_DATA_DHCP6] = calloc(1, sizeof(*state)); 3873 state = D6_STATE(ifp); 3874 if (state == NULL) 3875 return -1; 3876 3877 state->sol_max_rt = SOL_MAX_RT; 3878 state->inf_max_rt = INF_MAX_RT; 3879 TAILQ_INIT(&state->addrs); 3880 3881 gogogo: 3882 state->state = init_state; 3883 state->lerror = 0; 3884 state->failed = false; 3885 dhcp_set_leasefile(state->leasefile, sizeof(state->leasefile), 3886 AF_INET6, ifp); 3887 if (ipv6_linklocal(ifp) == NULL) { 3888 logdebugx("%s: delaying DHCPv6 for LL address", ifp->name); 3889 ipv6_addlinklocalcallback(ifp, dhcp6_start1, ifp); 3890 return 0; 3891 } 3892 3893 dhcp6_start1(ifp); 3894 return 0; 3895 } 3896 3897 void 3898 dhcp6_reboot(struct interface *ifp) 3899 { 3900 struct dhcp6_state *state; 3901 3902 state = D6_STATE(ifp); 3903 if (state == NULL) 3904 return; 3905 3906 state->lerror = 0; 3907 switch (state->state) { 3908 case DH6S_BOUND: 3909 dhcp6_startrebind(ifp); 3910 break; 3911 default: 3912 dhcp6_startdiscoinform(ifp); 3913 break; 3914 } 3915 } 3916 3917 static void 3918 dhcp6_freedrop(struct interface *ifp, int drop, const char *reason) 3919 { 3920 struct dhcp6_state *state; 3921 struct dhcpcd_ctx *ctx; 3922 unsigned long long options; 3923 3924 if (ifp->options) 3925 options = ifp->options->options; 3926 else 3927 options = ifp->ctx->options; 3928 3929 if (ifp->ctx->eloop) 3930 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp); 3931 3932 #ifndef SMALL 3933 /* If we're dropping the lease, drop delegated addresses. 3934 * If, for whatever reason, we don't drop them in the future 3935 * then they should at least be marked as deprecated (pltime 0). */ 3936 if (drop && (options & DHCPCD_NODROP) != DHCPCD_NODROP) 3937 dhcp6_delete_delegates(ifp); 3938 #endif 3939 3940 state = D6_STATE(ifp); 3941 if (state) { 3942 /* Failure to send the release may cause this function to 3943 * re-enter */ 3944 if (state->state == DH6S_RELEASE) { 3945 dhcp6_finishrelease(ifp); 3946 return; 3947 } 3948 3949 if (drop && options & DHCPCD_RELEASE && 3950 state->state != DH6S_DELEGATED) 3951 { 3952 if (ifp->carrier == LINK_UP && 3953 state->state != DH6S_RELEASED && 3954 state->state != DH6S_INFORMED) 3955 { 3956 dhcp6_startrelease(ifp); 3957 return; 3958 } 3959 unlink(state->leasefile); 3960 } 3961 dhcp6_freedrop_addrs(ifp, drop, NULL); 3962 free(state->old); 3963 state->old = state->new; 3964 state->old_len = state->new_len; 3965 state->new = NULL; 3966 state->new_len = 0; 3967 if (drop && state->old && 3968 (options & DHCPCD_NODROP) != DHCPCD_NODROP) 3969 { 3970 if (reason == NULL) 3971 reason = "STOP6"; 3972 script_runreason(ifp, reason); 3973 } 3974 free(state->old); 3975 free(state->send); 3976 free(state->recv); 3977 free(state); 3978 ifp->if_data[IF_DATA_DHCP6] = NULL; 3979 } 3980 3981 /* If we don't have any more DHCP6 enabled interfaces, 3982 * close the global socket and release resources */ 3983 ctx = ifp->ctx; 3984 if (ctx->ifaces) { 3985 TAILQ_FOREACH(ifp, ctx->ifaces, next) { 3986 if (D6_STATE(ifp)) 3987 break; 3988 } 3989 } 3990 if (ifp == NULL && ctx->dhcp6_fd != -1) { 3991 eloop_event_delete(ctx->eloop, ctx->dhcp6_fd); 3992 close(ctx->dhcp6_fd); 3993 ctx->dhcp6_fd = -1; 3994 } 3995 } 3996 3997 void 3998 dhcp6_drop(struct interface *ifp, const char *reason) 3999 { 4000 4001 dhcp6_freedrop(ifp, 1, reason); 4002 } 4003 4004 void 4005 dhcp6_free(struct interface *ifp) 4006 { 4007 4008 dhcp6_freedrop(ifp, 0, NULL); 4009 } 4010 4011 void 4012 dhcp6_abort(struct interface *ifp) 4013 { 4014 struct dhcp6_state *state; 4015 #ifdef ND6_ADVERTISE 4016 struct ipv6_addr *ia; 4017 #endif 4018 4019 eloop_timeout_delete(ifp->ctx->eloop, dhcp6_start1, ifp); 4020 state = D6_STATE(ifp); 4021 if (state == NULL) 4022 return; 4023 4024 #ifdef ND6_ADVERTISE 4025 TAILQ_FOREACH(ia, &state->addrs, next) { 4026 ipv6nd_advertise(ia); 4027 } 4028 #endif 4029 4030 eloop_timeout_delete(ifp->ctx->eloop, dhcp6_startdiscover, ifp); 4031 eloop_timeout_delete(ifp->ctx->eloop, dhcp6_senddiscover, ifp); 4032 eloop_timeout_delete(ifp->ctx->eloop, dhcp6_startinform, ifp); 4033 eloop_timeout_delete(ifp->ctx->eloop, dhcp6_sendinform, ifp); 4034 4035 switch (state->state) { 4036 case DH6S_DISCOVER: /* FALLTHROUGH */ 4037 case DH6S_REQUEST: /* FALLTHROUGH */ 4038 case DH6S_INFORM: 4039 state->state = DH6S_INIT; 4040 break; 4041 default: 4042 break; 4043 } 4044 } 4045 4046 void 4047 dhcp6_handleifa(int cmd, struct ipv6_addr *ia, pid_t pid) 4048 { 4049 struct dhcp6_state *state; 4050 struct interface *ifp = ia->iface; 4051 4052 /* If not running in master mode, listen to this address */ 4053 if (cmd == RTM_NEWADDR && 4054 !(ia->addr_flags & IN6_IFF_NOTUSEABLE) && 4055 ifp->active == IF_ACTIVE_USER && 4056 !(ifp->ctx->options & DHCPCD_MASTER) && 4057 ifp->options->options & DHCPCD_DHCP6) 4058 { 4059 #ifdef PRIVSEP 4060 if (IN_PRIVSEP_SE(ifp->ctx)) { 4061 if (ps_inet_opendhcp6(ia) == -1) 4062 logerr(__func__); 4063 } else 4064 #endif 4065 { 4066 if (ia->dhcp6_fd == -1) 4067 ia->dhcp6_fd = dhcp6_openudp(ia->iface->index, 4068 &ia->addr); 4069 if (ia->dhcp6_fd != -1) 4070 eloop_event_add(ia->iface->ctx->eloop, 4071 ia->dhcp6_fd, dhcp6_recvaddr, ia); 4072 } 4073 } 4074 4075 4076 if ((state = D6_STATE(ifp)) != NULL) 4077 ipv6_handleifa_addrs(cmd, &state->addrs, ia, pid); 4078 } 4079 4080 ssize_t 4081 dhcp6_env(FILE *fp, const char *prefix, const struct interface *ifp, 4082 const struct dhcp6_message *m, size_t len) 4083 { 4084 const struct if_options *ifo; 4085 struct dhcp_opt *opt, *vo; 4086 const uint8_t *p; 4087 struct dhcp6_option o; 4088 size_t i; 4089 char *pfx; 4090 uint32_t en; 4091 const struct dhcpcd_ctx *ctx; 4092 #ifndef SMALL 4093 const struct dhcp6_state *state; 4094 const struct ipv6_addr *ap; 4095 #endif 4096 4097 if (m == NULL) 4098 goto delegated; 4099 4100 if (len < sizeof(*m)) { 4101 /* Should be impossible with guards at packet in 4102 * and reading leases */ 4103 errno = EINVAL; 4104 return -1; 4105 } 4106 4107 ifo = ifp->options; 4108 ctx = ifp->ctx; 4109 4110 /* Zero our indexes */ 4111 for (i = 0, opt = ctx->dhcp6_opts; 4112 i < ctx->dhcp6_opts_len; 4113 i++, opt++) 4114 dhcp_zero_index(opt); 4115 for (i = 0, opt = ifp->options->dhcp6_override; 4116 i < ifp->options->dhcp6_override_len; 4117 i++, opt++) 4118 dhcp_zero_index(opt); 4119 for (i = 0, opt = ctx->vivso; 4120 i < ctx->vivso_len; 4121 i++, opt++) 4122 dhcp_zero_index(opt); 4123 if (asprintf(&pfx, "%s_dhcp6", prefix) == -1) 4124 return -1; 4125 4126 /* Unlike DHCP, DHCPv6 options *may* occur more than once. 4127 * There is also no provision for option concatenation unlike DHCP. */ 4128 p = (const uint8_t *)m + sizeof(*m); 4129 len -= sizeof(*m); 4130 for (; len != 0; p += o.len, len -= o.len) { 4131 if (len < sizeof(o)) { 4132 errno = EINVAL; 4133 break; 4134 } 4135 memcpy(&o, p, sizeof(o)); 4136 p += sizeof(o); 4137 len -= sizeof(o); 4138 o.len = ntohs(o.len); 4139 if (len < o.len) { 4140 errno = EINVAL; 4141 break; 4142 } 4143 o.code = ntohs(o.code); 4144 if (has_option_mask(ifo->nomask6, o.code)) 4145 continue; 4146 for (i = 0, opt = ifo->dhcp6_override; 4147 i < ifo->dhcp6_override_len; 4148 i++, opt++) 4149 if (opt->option == o.code) 4150 break; 4151 if (i == ifo->dhcp6_override_len && 4152 o.code == D6_OPTION_VENDOR_OPTS && 4153 o.len > sizeof(en)) 4154 { 4155 memcpy(&en, p, sizeof(en)); 4156 en = ntohl(en); 4157 vo = vivso_find(en, ifp); 4158 } else 4159 vo = NULL; 4160 if (i == ifo->dhcp6_override_len) { 4161 for (i = 0, opt = ctx->dhcp6_opts; 4162 i < ctx->dhcp6_opts_len; 4163 i++, opt++) 4164 if (opt->option == o.code) 4165 break; 4166 if (i == ctx->dhcp6_opts_len) 4167 opt = NULL; 4168 } 4169 if (opt) { 4170 dhcp_envoption(ifp->ctx, 4171 fp, pfx, ifp->name, 4172 opt, dhcp6_getoption, p, o.len); 4173 } 4174 if (vo) { 4175 dhcp_envoption(ifp->ctx, 4176 fp, pfx, ifp->name, 4177 vo, dhcp6_getoption, 4178 p + sizeof(en), 4179 o.len - sizeof(en)); 4180 } 4181 } 4182 free(pfx); 4183 4184 delegated: 4185 #ifndef SMALL 4186 /* Needed for Delegated Prefixes */ 4187 state = D6_CSTATE(ifp); 4188 TAILQ_FOREACH(ap, &state->addrs, next) { 4189 if (ap->delegating_prefix) 4190 break; 4191 } 4192 if (ap == NULL) 4193 return 1; 4194 if (fprintf(fp, "%s_delegated_dhcp6_prefix=", prefix) == -1) 4195 return -1; 4196 TAILQ_FOREACH(ap, &state->addrs, next) { 4197 if (ap->delegating_prefix == NULL) 4198 continue; 4199 if (ap != TAILQ_FIRST(&state->addrs)) { 4200 if (fputc(' ', fp) == EOF) 4201 return -1; 4202 } 4203 if (fprintf(fp, "%s", ap->saddr) == -1) 4204 return -1; 4205 } 4206 if (fputc('\0', fp) == EOF) 4207 return -1; 4208 #endif 4209 4210 return 1; 4211 } 4212 #endif 4213